CVE-2021-25200

9.8 CRITICAL

📋 TL;DR

This CVE describes an arbitrary file upload vulnerability in SourceCodester Learning Management System v1.0, allowing attackers to upload malicious files to execute arbitrary code on the server. It affects users running this specific version of the software, potentially leading to full system compromise.

💻 Affected Systems

Products:
  • SourceCodester Learning Management System
Versions: v1.0
Operating Systems: Any OS running the software (e.g., Windows, Linux)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the student_avatar.php file; default installations are likely vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full remote code execution leading to complete system takeover, data theft, or deployment of ransomware.

🟠 Likely Case: Attackers upload web shells to gain persistent access, steal sensitive data, or pivot to other systems.

🟢 If Mitigated: With proper file upload validation and server hardening, impact is limited to denial-of-service or minor data exposure.

🌐 Internet-Facing: HIGH, as the vulnerability is exploitable via a web interface accessible from the internet.
🏢 Internal Only: MEDIUM, as internal attackers could exploit it if the system is not properly segmented.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation involves uploading a malicious file via the student avatar feature; public references suggest it's straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch; consider upgrading to a newer version if available, or apply workarounds.

🔧 Temporary Workarounds

Restrict File Uploads (applies to: all)

Implement server-side validation to allow only specific file types (e.g., images) and sanitize filenames.

Modify student_avatar.php to include file type and extension checks.
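A hardened upload handler showing the checks the workaround above calls for (an added example, not SourceCodester's code): it ignores the client-supplied filename and MIME type, detects the type from the file bytes, requires a parseable image, and stores the file under a generated name. The `store_avatar` function, the form field name `avatar` and the upload directory are assumptions.

```php
<?php
// Added hardening example for a PHP avatar upload handler (not the project's
// own code). Assumes the form field is named "avatar" and that
// $uploadDir is a directory outside the web root or one with PHP execution
// disabled. Adjust both to match the deployment.

function store_avatar(array $file, string $uploadDir): string
{
    // 1. Reject anything PHP itself reports as a failed or partial upload.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // 2. Size limit: avatars are small; cap at 2 MiB.
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('File too large');
    }
    // 3. Decide the type from the bytes, not from the client-supplied name
    //    or $file['type'] (both are attacker-controlled).
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    $allowed = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    ];
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('Only JPEG, PNG or GIF avatars are accepted');
    }
    // 4. Require a parseable image; a script with a forged header fails here.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not a valid image');
    }
    // 5. Never reuse the client filename: generate one, with the extension
    //    chosen from the detected type (so double extensions never reach disk).
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644); // no execute bit
    return $name;
}

// Usage (in student_avatar.php or equivalent):
// $stored = store_avatar($_FILES['avatar'], __DIR__ . '/../uploads/avatars');
```

Pair this with web-server configuration that denies script execution in the upload directory, since a valid image can still carry embedded script text that only matters if the server is willing to execute it.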

Disable Vulnerable Endpoint (applies to: all)

Temporarily disable or restrict access to the student_avatar.php file.

Use web server config (e.g., .htaccess for Apache) to block access to /lms/student_avatar.php.

🧯 If You Can't Patch

  • Implement network segmentation to isolate the system and limit access.
  • Deploy a web application firewall (WAF) with rules to block malicious file uploads.

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a non-image file (e.g., .php) to the student avatar upload feature and check if it's accepted.

Check Version:

Check the software version in the system's admin panel or configuration files.

Verify Fix Applied:

After applying workarounds, test that only allowed file types are accepted and malicious uploads are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to student_avatar.php, especially with non-image extensions.

Network Indicators:

  • HTTP POST requests to /lms/student_avatar.php with suspicious file content.

SIEM Query:

source="web_logs" AND uri="/lms/student_avatar.php" AND method="POST" AND file_extension NOT IN ("jpg", "png", "gif")

The file_extension field assumes the uploaded filename is captured in the log source; a plain web server access log records only the request URI, so application-level or upload-directory logging is needed to populate it.
