📦 Markus

This vulnerability allows instructors to achieve arbitrary file write on the server by uploading specially crafted zip files. Attackers could write malicious files anywhere the application has write p...

This vulnerability allows authenticated instructors in MarkUs to write arbitrary files to any location on the web server, potentially leading to remote code execution. It affects MarkUs versions prior...

MarkUs versions before 2.9.1 contain an authorization bypass vulnerability where users can access arbitrary student submission files by manipulating the select_file_id parameter. This allows unauthori...