Authored by Valerio Alessandroni

Alumni Management System version 1.0 suffers from a remote shell upload vulnerability.

advisories | CVE-2020-28072

# Exploit Title: Remote Code Execution on Alumni Management System 
# Date: 23/10/2020
# Exploit Author: Valerio Alessandroni
# Vendor Homepage:
# Software Link: ource-code.html
# Version: 1.0
# Tested on: ubuntu 18.04
# CVE : CVE-2020-28072
# Description:

# Reproduction:

- Log in the administration panel, through,
- upload a malicious php file using the form in the page.
- Executes command via the uploaded file[ID]_img.php
- The [ID] is a variable progressive number, it can be found in the html source code in the same page