CVE-2021-46013
Description
Unrestricted file upload in Sourcecodester Free School Management Software 1.0 allows remote attackers to upload a PHP webshell and execute arbitrary commands on the web server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An unrestricted file upload vulnerability exists in Sourcecodester Free School Management Software version 1.0. The application fails to validate the file type during the upload process in the /admin/examQuestion page. An attacker can upload a PHP file containing arbitrary code, such as <?php system($_GET["cmd"]); ?>, which is then stored in the /uploads/exam_question/ directory and made accessible to all users [1].
Exploitation
An attacker needs network access to the web application and must be authenticated (or able to reach the upload functionality). The steps involve navigating to the "ADD NEW QUESTION PAPER" section, uploading a PHP webshell via the file upload field, and saving. The uploaded file can then be accessed at http://localhost/uploads/exam_question/.php?cmd= to execute arbitrary system commands [1].
Impact
Successful exploitation allows an attacker to achieve remote code execution (RCE) on the web server with the privileges of the web server process. This can lead to full compromise of the server, including data exfiltration, modification, or further lateral movement within the network [1].
Mitigation
As of the publication date (2022-01-18), no official patch has been released by the vendor. The software is no longer maintained (EOL). Mitigation includes restricting access to the upload directory, implementing file type validation, or disabling PHP execution in the uploads directory via server configuration. Users should consider migrating to a supported alternative.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Sourcecodester/Free school management software
- Range: = 1.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Unrestricted file upload: the application does not validate the file type, extension, or content before saving uploaded files to the web-accessible `/uploads/exam_question/` directory."
Attack vector
An attacker first navigates to `/admin/examQuestion` and clicks "ADD NEW QUESTION PAPER" to access the exam question creation form. In the file upload field labeled "upload Drag and drop a file here or click", the attacker uploads a PHP webshell (e.g., `cmd.php`) containing `<?php system($_GET["cmd"]); ?>`. The application performs no file-type or content validation, so the malicious file is accepted and saved to `/uploads/exam_question/`. The attacker then accesses the uploaded file directly via its URL (e.g., `http://localhost/uploads/exam_question/cmd.php?cmd=phpinfo()`) to achieve remote code execution on the web server [ref_id=1].
Affected code
The vulnerable page is `/admin/examQuestion` and the file upload is handled by the endpoint `POST /admin/examQuestion/create`. Uploaded files are stored in the `/uploads/exam_question/` directory without any validation of file type or content [ref_id=1].
What the fix does
No patch is provided in the bundle. The advisory does not specify any remediation steps from the vendor. To close this vulnerability, the application should validate uploaded files by checking the MIME type, file extension against an allowlist (e.g., only image or document types), and file content to reject executable scripts such as PHP files. Additionally, the upload directory should be configured to prevent script execution (e.g., via `.htaccess` or web server rules) [ref_id=1].
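The controls named in the Mitigation and "What the fix does" sections (extension allowlist, content sniffing, a server-generated filename, non-executable storage) put together as a hardened upload handler. This is an added example, not code from the Free School Management Software project; the form field name `question_file`, the `UPLOAD_DIR` constant, the size limit and the allowlist contents are assumptions chosen for illustration.

```php
<?php
// Added example (not the project's own code): a hardened upload handler of the
// kind that could sit behind an endpoint such as POST /admin/examQuestion/create.
// Assumed: the form field is named "question_file" and files land in UPLOAD_DIR.

declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/../uploads/exam_question/';
const MAX_BYTES  = 5 * 1024 * 1024;

// Allowlist: extension => MIME type that the file's *bytes* must sniff as.
// Scripts (php, phtml, ...) are simply absent, so they can never be accepted.
const ALLOWED = [
    'pdf'  => 'application/pdf',
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
];

/**
 * Validate one $_FILES entry and return the random filename to store it under.
 * Throws RuntimeException with a reason on any failure. The client-supplied
 * filename and Content-Type are never trusted for anything but the extension check.
 */
function validateUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, PHP error code ' . ($file['error'] ?? UPLOAD_ERR_NO_FILE));
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not a file uploaded via HTTP POST');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file exceeds size limit');
    }

    // Last extension of the full name, lowercased: "shell.PHP" -> "php" (rejected),
    // "shell.php.png" -> "png" (passes here, caught by the content check below).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException("extension '$ext' is not allowed");
    }

    // Sniff the actual content with libmagic; $file['type'] is attacker-controlled.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content type '$mime' does not match .$ext");
    }

    // Server-generated name: no part of the user's filename reaches the filesystem.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

function storeUpload(array $file): string
{
    $name = validateUpload($file);
    $dest = UPLOAD_DIR . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644); // readable, never executable
    return $name;
}

// Handler wiring (hypothetical field name "question_file").
try {
    $stored = storeUpload($_FILES['question_file'] ?? []);
    echo json_encode(['ok' => true, 'file' => $stored]);
} catch (RuntimeException $e) {
    http_response_code(400);
    echo json_encode(['ok' => false, 'error' => $e->getMessage()]);
}
```

Two points on the design. First, the extension and the sniffed MIME type are checked against each other rather than independently, so a renamed script fails on content and a disguised script fails on extension; a polyglot that is a valid image with PHP appended can still pass, which is why the second layer from the advisory is not optional: the uploads directory must be served without script execution (with mod_php, an `.htaccess` containing `php_flag engine off`; with PHP-FPM, a `<FilesMatch "\.ph(p[0-9]?|tml)$">` block with `Require all denied`, or the equivalent `location` rule in nginx). Second, the stored name is random and the original filename is discarded, so path traversal and extension tricks in the client-supplied name have nothing to act on.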
Preconditions
- network: Attacker must have access to the /admin/examQuestion page (no authentication bypass is described, but the exploit assumes the attacker can reach the admin interface)
- config: The web server must have PHP execution enabled for files in the /uploads/exam_question/ directory
Reproduction
1. Navigate to `http://localhost/admin/examQuestion` and click "ADD NEW QUESTION PAPER".
2. In the file upload field, upload a PHP webshell containing `<?php system($_GET["cmd"]); ?>` (e.g., name the file `cmd.php`).
3. Click "Save".
4. Access `http://localhost/uploads/exam_question/cmd.php?cmd=phpinfo()` to execute arbitrary PHP commands [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. www.exploit-db.com/exploits/50587 (MITRE, x_refsource_MISC)
News mentions
No linked articles in our index yet.