Published: 20/11/2014 Updated: 08/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Digi Online Examination System

Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
digitalvidhya digi online examination system 2.0

# Exploit Title: Digi Online Examination System Unrestricted File Upload Vulnerability # Date: 12-10-2014 # Exploit Author: Halil Dalabasmaz # Version: v20 # Software Link: codecanyonnet/item/digi-online-examination-system-does/8610180 # Software Test Link: s1digitalvidhyacom/doesv2/ # Vulnerabilities Description: ===Unrestrict ...

CWE-94 http://packetstormsecurity.com/files/129108/Digi-Online-Examination-System-2.0-Shell-Upload.html http://www.exploit-db.com/exploits/35223 https://exchange.xforce.ibmcloud.com/vulnerabilities/98662 https://nvd.nist.gov https://www.exploit-db.com/exploits/35223/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-8997

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect