CVE-2023-5636
9.8 CRITICALUnrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection
Published: 2023-12-01 · Last updated: 2026-05-20
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-434
Affected products
| Vendor | Product |
|---|---|
| arslansoft_education_portal_project | arslansoft_education_portal |
Description
Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2023-5637 — Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Exec... (7.5 HIGH)
- CVE-2023-5635 — Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal allows Account Footprinting (7.5 HIGH)
- CVE-2023-5634 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows ... (9.8 CRITICAL)
Same CWE
- CVE-2026-53724 — Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js
- CVE-2026-6211 — Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc (8.7 HIGH)
- CVE-2026-53787 — Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows un... (9.8 CRITICAL)
- CVE-2026-46489 — SolidInvoice is an open-source invoicing platform (8.1 HIGH)
- CVE-2026-11839 — Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc (9.9 CRITICAL)