CVE-2024-13134 | ZeroWdd studentmanager 1.0 TeacherController. java addTeacher/editTeacher file unrestricted upload

Posted by Angelo Barbosa | Jan 4, 2025 | CVE

A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 1.0. Affected is the function addTeacher/editTeacher of the file src/main/Java/com/wdd/studentmanager/controller/TeacherController. java. The manipulation of the argument file leads to unrestricted upload.

This vulnerability is traded as CVE-2024-13134. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2024-13134 | ZeroWdd studentmanager 1.0 TeacherController. java addTeacher/editTeacher file unrestricted upload

Related Posts

CVE-2024-21980 | AMD EPYC Embedded 9003 SNP Firmware memory corruption

CVE-2024-41184 | keepalived up to 2.3.1 fglobal_parser.c vrrp_ipsets_handler integer overflow (Issue 2447)

CVE-2023-51671 | FunnelKit Checkout Plugin up to 3.10.3 on WordPress Setting authorization

CVE-2024-25639 | khoj-ai khoj up to 1.12.x /online cross site scripting (GHSA-h2q2-vch3-72qm)