Vendor: Judging Management System
By: Angelo Pio Amirante
CVSS: 9.8 (CRITICAL)
Remote Code Execution (RCE)
CWE: 78
Product Name: Judging Management System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows 10 on XAMPP server
2022
Judging Management System v1.0 – Remote Code Execution (RCE)
Judging Management System v1.0 is vulnerable to Remote Code Execution (RCE) due to an authentication bypass vulnerability and an unrestricted file upload vulnerability. An attacker can exploit these vulnerabilities to gain access to the application and execute arbitrary code on the server.
Mitigation:
Ensure that authentication is properly implemented and that file uploads are restricted to an allowlist of permitted file types.