CVE-2024-13134 | ZeroWdd studentmanager 1.0 TeacherController. java addTeacher/editTeacher file unrestricted upload

Posted by Angelo Barbosa | Jan 4, 2025 | CVE

A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 1.0. Affected is the function addTeacher/editTeacher of the file src/main/Java/com/wdd/studentmanager/controller/TeacherController. java. The manipulation of the argument file leads to unrestricted upload.

This vulnerability is traded as CVE-2024-13134. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2024-13134 | ZeroWdd studentmanager 1.0 TeacherController. java addTeacher/editTeacher file unrestricted upload

Related Posts

CVE-2024-43857 | Linux Kernel up to 6.10.2 f2fs is_end_zone_blkaddr null pointer dereference (381cbe85592c/c82bc1ab2a8a)

CVE-2023-50948 | IBM Storage Fusion HCI up to 2.6.1 hard-coded password (XFDB-275671)

CVE-2023-51679 | BulkGate SMS Plugin for WooCommerce up to 3.0.2 on WordPress authorization

CVE-2024-48049 | Mighty Plugins Mighty Builder Plugin up to 1.0.2 on WordPress cross site scripting