CVE-2026-11474

Kushan2k · student-management-system

An unrestricted file upload vulnerability in the Kushan2k student-management-system registration endpoint allows attackers to upload malicious files via the 'stimg' argument.

Executive summary

An unrestricted file upload vulnerability in the Kushan2k student-management-system allows unauthenticated attackers to upload and potentially execute arbitrary code.

Vulnerability

The registration endpoint in service/RegisterService.php does not restrict the type or content of the file submitted via the 'stimg' argument. An unauthenticated attacker can therefore upload an arbitrary file, such as a PHP web shell; if the file lands in a web-accessible directory in which the server executes scripts, this leads to Remote Code Execution (RCE).

Business impact

This vulnerability has a CVSS score of 7.3 (High severity). A successful web shell upload and execution gives the attacker complete unauthorized control of the server and exposes all sensitive student data it holds.

Remediation

Immediate Action: Apply vendor updates immediately to restrict file types and validate uploads at the Registration Endpoint.

Proactive Monitoring: Audit the server's upload directories for files with server-executable or otherwise suspicious extensions (e.g. .php, .phtml, .phar, .exe, .sh), including double extensions such as image.php.jpg, and monitor for unexpected file creation events in those directories.
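The audit above, as an added example for this advisory rather than code from the student-management-system project: a CLI script that walks an upload directory and reports files that should not be there. It goes beyond an extension check, since the name is attacker-controlled: it also sniffs the content type, looks for a PHP open tag inside files that otherwise look like images (polyglots), and flags the executable bit. The default directory path and the 24-hour "recent" window are assumptions.

```php
<?php
// Added example for this advisory, not code from the student-management-system project.
// Walks an upload directory and reports files that should not be there. The default
// directory and the 24-hour "recent" window are assumptions.
declare(strict_types=1);

// Extensions a typical PHP web server will execute, or that have no place among image uploads.
// Every dot-separated segment of the name is checked, so "avatar.php.jpg" and ".htaccess" are caught.
const SUSPICIOUS_EXTENSIONS = [
    'php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar', 'phps',
    'exe', 'sh', 'pl', 'py', 'cgi', 'htaccess', 'ini',
];
// Content types an image upload directory is expected to contain.
const EXPECTED_IMAGE_MIMES = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];

/**
 * Audit $dir recursively. Returns findings as [path, reason, last-modified ISO-8601] triples.
 * Files changed within $recentSeconds are tagged [recent] so fresh drops stand out during triage.
 */
function auditUploadDir(string $dir, int $recentSeconds = 86400): array
{
    $findings = [];
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );

    foreach ($iter as $file) {
        /** @var SplFileInfo $file */
        if (!$file->isFile()) {
            continue;
        }
        $path = $file->getPathname();
        $reasons = [];

        // 1. Extension check over every segment after the base name.
        $segments = array_map('strtolower', explode('.', $file->getFilename()));
        array_shift($segments);
        foreach ($segments as $seg) {
            if (in_array($seg, SUSPICIOUS_EXTENSIONS, true)) {
                $reasons[] = "suspicious extension .$seg";
                break;
            }
        }

        // 2. Content sniffing: the name is attacker-controlled, the magic bytes are harder to fake.
        $mime = $finfo->file($path);
        if ($mime === false || !in_array($mime, EXPECTED_IMAGE_MIMES, true)) {
            $reasons[] = 'unexpected content type ' . ($mime === false ? 'unknown' : $mime);
        }

        // 3. A PHP open tag in the first 64 KiB catches polyglots that carry a valid image header.
        $head = file_get_contents($path, false, null, 0, 65536);
        if ($head !== false && preg_match('/<\?(php\b|=)/i', $head) === 1) {
            $reasons[] = 'contains a PHP open tag';
        }

        // 4. Uploads should never be executable.
        if ($file->isExecutable()) {
            $reasons[] = 'executable permission bit set';
        }

        $recent = (time() - $file->getMTime()) < $recentSeconds;
        $mtime = date('c', $file->getMTime());
        foreach ($reasons as $reason) {
            $findings[] = [$path, $reason . ($recent ? ' [recent]' : ''), $mtime];
        }
    }
    return $findings;
}

if (PHP_SAPI === 'cli') {
    $dir = $argv[1] ?? '/var/www/html/uploads'; // assumed upload directory
    foreach (auditUploadDir($dir) as [$path, $reason, $mtime]) {
        printf("%s\t%s\t%s\n", $mtime, $path, $reason);
    }
}
```

Run it from cron or an incident-response shell against the real upload path; any line it prints is a file to quarantine and investigate, and a [recent] tag on a suspicious extension is the strongest signal that the endpoint is being exploited right now.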

Compensating Controls: Configure the web server to disable script execution in user-uploaded directories and implement a strict allow-list for file extensions and MIME types.
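The allow-list and validation described under Immediate Action and Compensating Controls, as an added example that is not the project's own service/RegisterService.php: a hardened routine for accepting the 'stimg' upload. It trusts neither the client-supplied file name nor the client-supplied MIME type, sniffs the content, requires the file to decode as an image of that same type, re-encodes it so that hidden payloads are discarded, and stores it under a random server-chosen name. The storage directory, the size limit, PHP 8 (for `match`) and the GD extension are assumptions.

```php
<?php
// Added example for this advisory, not the project's own service/RegisterService.php.
// A hardened replacement for accepting the 'stimg' upload. The storage directory, size
// limit, PHP 8 and the GD extension (for re-encoding) are assumptions.
declare(strict_types=1);

const MAX_IMAGE_BYTES = 2 * 1024 * 1024; // assumed limit
// Allow-list keyed by the *sniffed* MIME type; the value is the extension the stored file gets.
// The client-supplied name and $_FILES['stimg']['type'] are never consulted.
const ALLOWED_IMAGE_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

final class UploadRejected extends RuntimeException {}

/**
 * Validate one $_FILES entry and store it under a server-chosen name.
 * Returns that name on success, throws UploadRejected otherwise.
 */
function storeStudentImage(array $file, string $storeDir): string
{
    // A multi-file field (name="stimg[]") makes 'error' an array; reject that shape outright.
    if (!isset($file['error'], $file['tmp_name'], $file['size']) || is_array($file['error'])) {
        throw new UploadRejected('malformed upload');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new UploadRejected('upload failed with code ' . $file['error']);
    }
    if ($file['size'] > MAX_IMAGE_BYTES) {
        throw new UploadRejected('file too large');
    }
    $tmp = $file['tmp_name'];
    // Only files PHP received as part of this request; blocks a forged tmp_name pointing elsewhere.
    if (!is_uploaded_file($tmp)) {
        throw new UploadRejected('not an uploaded file');
    }

    // Check 1: sniff the content with libmagic.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new UploadRejected('content type not allowed');
    }
    // Check 2: the file must also parse as an image of that same type.
    $info = @getimagesize($tmp);
    if ($info === false || $info['mime'] !== $mime) {
        throw new UploadRejected('file does not parse as the detected image type');
    }
    // Check 3: decode it fully; a file GD cannot decode is not worth keeping.
    $img = @imagecreatefromstring((string) file_get_contents($tmp));
    if ($img === false) {
        throw new UploadRejected('image could not be decoded');
    }

    // Server-chosen random name with the allow-listed extension. The client's name never
    // reaches the filesystem, so path traversal and double extensions cannot occur.
    $ext = ALLOWED_IMAGE_TYPES[$mime];
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storeDir, '/') . '/' . $name;

    // Re-encode rather than move: the stored bytes are GD's output, so anything an attacker
    // hid in metadata or appended after the image data (a polyglot web shell) is discarded.
    if ($ext === 'png') {
        imagealphablending($img, false);
        imagesavealpha($img, true);
    }
    $written = match ($ext) {
        'jpg' => imagejpeg($img, $dest, 90),
        'png' => imagepng($img, $dest),
        'gif' => imagegif($img, $dest),
    };
    if (!$written) {
        throw new UploadRejected('could not store file');
    }
    chmod($dest, 0644); // readable, never executable
    return $name;
}

// Call site in the registration handler (request shape assumed).
if (PHP_SAPI !== 'cli' && isset($_FILES['stimg'])) {
    try {
        // Assumed directory outside the document root; serve images through a script that
        // sets Content-Type, never by direct URL.
        $stored = storeStudentImage($_FILES['stimg'], '/var/lib/sms/uploads');
        // ... persist $stored with the student record ...
    } catch (UploadRejected $e) {
        http_response_code(400);
        exit('Invalid image upload');
    }
}
```

Two caveats: re-encoding flattens animated GIFs to their first frame, which is acceptable for a profile image but worth knowing; and if the upload directory has to stay under the document root, the validation alone is not enough and script execution must be switched off there as well, for example with `php_admin_flag engine off` in an Apache `<Directory>` block for the upload path under mod_php, or an nginx `location` that denies requests for `.php` files beneath the upload prefix.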

Exploitation status

Public Exploit Available: true

Analyst recommendation

Immediate action is required to close the file upload vulnerability. Administrators must ensure that the registration service is not accepting arbitrary files and should move to the latest patched version to fully mitigate the risk of RCE.