CVE-2020-28130

Summary: 
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).
Published: 
Tuesday, November 17, 2020 - 21:15
cvss: 
5.0