A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload.

The identification of this vulnerability is CVE-2024-10766. The attack may be initiated remotely. Furthermore, there is an exploit available.

The initial researcher disclosure contains confusing vulnerability classes and file names.