Simple College Project: >> Simple College Security Vulnerabilities
Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/.
CVSS Score
7.2
EPSS Score
0.038
Published
2021-03-31
A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative panel.
CVSS Score
9.8
EPSS Score
0.042
Published
2021-03-31