CVE-2021-45865
📋 TL;DR
This vulnerability allows remote attackers to upload malicious files to the Student Attendance Management System 1.0, potentially leading to remote code execution. Attackers can exploit the file upload functionality without authentication to compromise the system. All users running the vulnerable version are affected.
💻 Affected Systems
- Sourcecodester Student Attendance Management System
📦 What is this software?
Student Attendance Management System by Student Attendance Management System Project
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with remote code execution, allowing attackers to execute arbitrary commands, steal data, install malware, or pivot to other systems.
Likely Case
Webshell deployment leading to data theft, system manipulation, and potential lateral movement within the network.
If Mitigated
File upload attempts blocked or sanitized, preventing malicious file execution while maintaining legitimate functionality.
🎯 Exploit Status
Public proof-of-concept code demonstrates file upload leading to remote code execution without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch available. Consider upgrading to a newer version if available, or implement workarounds.
🔧 Temporary Workarounds
Implement File Upload Restrictions
Restrict uploads to specific file types and enforce the check server-side; client-side checks and the Content-Type the browser sends with the file are attacker-controlled and prove nothing.
Modify upload.php to include, before the file is moved into place:
    $allowed_extensions = ['jpg', 'png', 'pdf'];
    $file_extension = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
    if (!in_array($file_extension, $allowed_extensions)) { die('Invalid file type'); }
This allowlist is a stopgap: it keys only on the last extension of the client-supplied name, so it must be paired with storing each upload under a server-generated name in a directory the web server will not execute scripts from.
Web Application Firewall Rules
Configure the WAF to block malicious file uploads and suspicious request patterns.
Rules are WAF-specific. Block multipart requests whose part filename carries a server-executable extension (.php, .phtml, .asp, .jsp, .exe) and request bodies containing PHP open tags (<?php). Treat this as defence in depth only: encoding tricks and polyglot files get past signature rules, and the WAF does not fix the missing server-side validation.
🧯 If You Can't Patch
- Disable file upload functionality completely if not required
- Implement network segmentation to isolate the vulnerable system from critical assets
🔍 How to Verify
Check if Vulnerable:
On a non-production copy, or with explicit authorization, attempt to upload a file with a server-executable extension (e.g. test.php containing a harmless <?php echo 'ok'; ?>) to the upload endpoint. If the file is accepted, the validation is missing and the system is vulnerable; if the application then serves it from a path under the web root where PHP executes, the upload is directly exploitable for code execution. Remove the test file afterwards.
Check Version:
Check the application version in the admin panel or configuration files
Verify Fix Applied:
Test file upload with various file types - only allowed extensions should be accepted, and uploaded files should be stored with randomized names in a non-executable directory.
📡 Detection & Monitoring
Log Indicators:
- File upload attempts with suspicious extensions (.php, .asp, .jsp)
- Large number of file upload requests from single IP
- Successful uploads followed by HTTP requests to unusual file paths
Network Indicators:
- POST requests to upload endpoints with executable file content
- Subsequent HTTP requests to uploaded files with suspicious parameters
SIEM Query (field names are generic placeholders; map them to your log schema):
source=web_logs (method=POST AND uri=*upload* AND (file_extension=php OR file_extension=asp OR file_extension=jsp))
Note that a plain web-server access log does not record the uploaded file's name or extension, only the POST to the upload endpoint; the file_extension match above needs application or WAF logs that capture the multipart filename. In access logs alone, the reliable signal is the later request to the stored file under the upload directory with a .php (or similar) extension.
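The log indicators above, checked over combined-format access log lines, as an added example that is not part of the original advisory. The log lines are constructed for the example; the upload endpoint name (upload.php), the storage path (/uploads/) and the burst threshold are assumptions and should be adjusted to the deployment:

```php
<?php
declare(strict_types=1);

// Added example, not from the advisory or the project. Sample log is constructed.
const EXEC_EXT    = ['php', 'phtml', 'php5', 'phar', 'asp', 'aspx', 'jsp'];
const UPLOAD_PATH = '/uploads/';   // assumed: directory the application writes uploads to
const BURST_LIMIT = 3;             // upload POSTs from one IP before a burst alert

$sampleLog = <<<'LOG'
203.0.113.7 - - [10/Jan/2022:10:01:02 +0000] "GET /attendance/index.php HTTP/1.1" 200 1823 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2022:10:01:09 +0000] "POST /attendance/upload.php HTTP/1.1" 200 412 "-" "python-requests/2.26"
203.0.113.7 - - [10/Jan/2022:10:01:11 +0000] "GET /attendance/uploads/x9k2.php?cmd=id HTTP/1.1" 200 77 "-" "python-requests/2.26"
198.51.100.4 - - [10/Jan/2022:10:05:30 +0000] "POST /attendance/upload.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2022:10:05:31 +0000] "GET /attendance/uploads/photo.jpg HTTP/1.1" 200 51233 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jan/2022:10:07:00 +0000] "POST /attendance/upload.php HTTP/1.1" 200 412 "-" "curl/7.79"
192.0.2.9 - - [10/Jan/2022:10:07:01 +0000] "POST /attendance/upload.php HTTP/1.1" 200 412 "-" "curl/7.79"
192.0.2.9 - - [10/Jan/2022:10:07:02 +0000] "POST /attendance/upload.php HTTP/1.1" 200 412 "-" "curl/7.79"
LOG;

/** Parse one combined-format line into ip/time/method/uri/status, or null if it does not match. */
function parseLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'uri' => $m[4], 'status' => (int) $m[5]];
}

/** Return one alert string per matched indicator, in log order. */
function analyzeLog(string $log): array
{
    $alerts      = [];
    $uploadPosts = [];   // ip => number of POSTs to an upload endpoint seen so far
    $postedFrom  = [];   // ip => true once that IP has POSTed to an upload endpoint

    foreach (explode("\n", trim($log)) as $line) {
        $r = parseLine($line);
        if ($r === null) {
            continue;
        }
        $path  = parse_url($r['uri'], PHP_URL_PATH) ?: $r['uri'];
        $query = parse_url($r['uri'], PHP_URL_QUERY);
        $ext   = strtolower(pathinfo($path, PATHINFO_EXTENSION));

        // Indicator: many upload POSTs from a single source.
        if ($r['method'] === 'POST' && stripos($path, 'upload') !== false) {
            $uploadPosts[$r['ip']] = ($uploadPosts[$r['ip']] ?? 0) + 1;
            $postedFrom[$r['ip']]  = true;
            if ($uploadPosts[$r['ip']] === BURST_LIMIT) {
                $alerts[] = "{$r['ip']} burst: " . BURST_LIMIT . " upload POSTs (last at {$r['time']})";
            }
            continue;
        }

        // Indicator: a request for a server-executable extension inside the upload directory,
        // noting whether the same IP uploaded earlier and whether parameters were passed.
        if (strpos($path, UPLOAD_PATH) !== false && in_array($ext, EXEC_EXT, true)) {
            $detail = isset($postedFrom[$r['ip']]) ? ' after upload POST' : '';
            $detail .= $query !== null ? " with parameters '{$query}'" : '';
            $alerts[] = "{$r['ip']} requested executable upload {$path}{$detail} (HTTP {$r['status']})";
        }
    }
    return $alerts;
}

foreach (analyzeLog($sampleLog) as $alert) {
    echo $alert, PHP_EOL;
}
```

Run against the constructed sample this reports the .php request from 203.0.113.7 (after its upload POST, with parameters cmd=id, HTTP 200) and the three-POST burst from 192.0.2.9, while the legitimate photo.jpg fetch from 198.51.100.4 produces nothing. An HTTP 200 on the executable-extension alert is the case to escalate: it means the server handed the file to the PHP interpreter rather than returning 403 or 404.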