cvedb.io
CVE-2021-46013
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2022-01-18T18:15:08.380 · Last modified 2026-06-17T04:14:24.423

Summary

An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to achieve remote code execution on the affected web server. Once a PHP webshell containing "<?php system($_GET["cmd"]); ?>" is uploaded, it is saved into the /uploads/exam_question/ directory and is accessible by all users.

Affected products

free_school_management_software_project — free_school_management_software

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.