{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T14:14:15.022","vulnerabilities":[{"cve":{"id":"CVE-2020-23828","sourceIdentifier":"cve@mitre.org","published":"2020-09-15T22:15:13.317","lastModified":"2024-11-21T05:14:06.000","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo."},{"lang":"es","value":"Una vulnerabilidad de Carga de Archivos en SourceCodester Online Course Registration versión v1.0, permite a atacantes remotos alcanzar una Ejecución de Código Remota (RCE) en el servidor web de alojamiento mediante la carga de un shell web PHP diseñado que omite los filtros de carga de imágenes. Un ataque utiliza el archivo /Online%20Course%20Registration/my-profile.php con el parámetro POST photo"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:online_course_registration_project:online_course_registration:1.0:*:*:*:*:*:*:*","matchCriteriaId":"548C546F-53C6-45B2-B9ED-D573B83C1E22"}]}]}],"references":[{"url":"https://www.exploit-db.com/exploits/48704","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.sourcecodester.com/php/14251/online-course-registration.html","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/48704","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.sourcecodester.com/php/14251/online-course-registration.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}