The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
History

Tue, 26 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Dasinfomedia
Dasinfomedia school Management System
CPEs cpe:2.3:a:dasinfomedia:school_management_system:*:*:*:*:*:*:*:*
Vendors & Products Dasinfomedia
Dasinfomedia school Management System
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 23 Nov 2024 07:45:00 +0000

Type Values Removed Values Added
Description The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Title School Management <= 91.5.0 - Authenticated (Student+) Arbitrary File Upload
Weaknesses CWE-434
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-11-23T07:38:03.531Z

Updated: 2024-11-26T16:40:47.980Z

Reserved: 2024-10-08T20:18:10.531Z

Link: CVE-2024-9660

cve-icon Vulnrichment

Updated: 2024-11-26T16:40:39.441Z

cve-icon NVD

Status : Received

Published: 2024-11-23T08:15:04.033

Modified: 2024-11-23T08:15:04.033

Link: CVE-2024-9660

cve-icon Redhat

No data.