CVE-2020-10507

Description

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting machine.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

ALLE INFORMATION CO., LTD. / School Manage Systembefore 2020 – before 2020

References

MISChttps://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d
MISChttps://www.twcert.org.tw/tw/cp-132-3532-26d71-1.html