Vendor: OpenEclass E-learning platform
By: Georgios Tsimpidas
CVSS: 6.1 HIGH
Vulnerability Type: Unrestricted File Upload
CWE: 434
Product Name: OpenEclass E-learning platform
Affected Version From: 3.15
Affected Version To: 3.15
Patch Exists: NO
Related CVE: CVE-2024-31777
CPE: -
Metasploit:
Other Scripts:
Platforms Tested: Debian Kali
2024

GUnet OpenEclass E-learning platform 3.15 – ‘certbadge.php’ Unrestricted File Upload

The GUnet OpenEclass E-learning platform version 3.15 allows unrestricted file upload through the 'certbadge.php' file, which an attacker can exploit to upload malicious files. This vulnerability has been assigned CVE-2024-31777.

Mitigation:

To mitigate this vulnerability, restrict file upload capabilities to only allow authorized file types and implement input validation to prevent malicious uploads.

Exploit-DB raw data: