Student Information System - File Upload

Summary

NameStudent Information System v1.0 - Insecure File Upload
Code nameRubinstein
ProductStudent Information System
VendorKashipara Group
Affected versionsVersion 1.0
StatePublic
Release date2023-12-06

Vulnerability

KindInsecure File Upload
Rule027. Insecure File Upload
RemoteYes
CVSSv3 VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSSv3 Base Score9.9
Exploit availableYes
CVE ID(s)CVE-2023-4122

Description

Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

Vulnerability

The 'photo' parameter of the my-profile.php resource does not validate the contents, extension and type of the file uploaded as a profile image, leading to an arbitrary file upload which can be abused to obtain Remote Code Execution. The vulnerable code is:

if(isset($_POST['submit']))
{
  var_dump($_POST);
$staffname=$_POST['studentname'];
if($_FILES["photo"]["name"]!=""){//it will upload the pic on database
  $photo=$_FILES["photo"]["name"];
  move_uploaded_file($_FILES["photo"]["tmp_name"],"staffphoto/".$_FILES["photo"]["name"]);//photo will move to temp folder
  $ret1=mysqli_query($con,"update staff set staffPhoto='$photo'  where StaffRegno='".$_SESSION['login']."'");
}

Our security policy

We have reserved the ID CVE-2023-4122 to refer to this issue from now on.

System Information

  • Version: Student Information System v1.0
  • Operating System: Any

Mitigation

There is currently no patch available for this vulnerability.

Credits

The vulnerability was discovered by Andres Roldan from Fluid Attacks' Offensive Team.

References

Vendor page https://www.kashipara.com/

Timeline

Time-lapse-logo

2023-11-22

Vulnerability discovered.

Time-lapse-logo

2023-11-22

Vendor contacted.

Time-lapse-logo

2023-12-06

Public Disclosure.

Fluid Logo Footer

Hacking software for over 20 years

Fluid Attacks tests applications and other systems, covering all software development stages. Our team assists clients in quickly identifying and managing vulnerabilities to reduce the risk of incidents and deploy secure technology.

Copyright © 0 Fluid Attacks. We hack your software. All rights reserved.