CVE-2020-23828

Published: Sep 15, 2020Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo.

Affected (1)

Products: Online Course Registration Project: Online Course Registration

Online Course Registration Project

1 product

Online Course Registration

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Online Course Registration Project Online Course Registration	Version 1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://www.exploit-db.com/exploits/48704

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.sourcecodester.com/php/14251/online-course-registration.html

Source: cve@mitre.org

ExploitVendor Advisory

https://www.exploit-db.com/exploits/48704

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.sourcecodester.com/php/14251/online-course-registration.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.