WMPro v5.0 and v5.1 for eLearning systems has an OS command injection vulnerability via "/teach/course/doajaxfileupload.php". This affects many eLearning systems of governments, organizations, companies and universities. The target server can be exploited without authentication.
The injection point is the basePath parameter in "/teach/course/doajaxfileupload.php".
We can execute OS commands without authentication and upload a webshell to the target server.
Compromised target servers with web shells uploaded.
http://[Target Domain]/teach/course/doajaxfileupload.php
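A log triage sketch for the endpoint and parameter named above, added here as an example (it is not part of the original advisory or the vendor's code). It assumes the web server writes combined-format access logs; the metacharacter set and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/teach/course/doajaxfileupload.php"  # path named in the advisory
PARAM = "basePath"                               # injection point named in the advisory
# Assumption: characters a shell treats specially and a directory path should not need.
SHELL_META = re.compile(r"[;|&`$<>(){}\n\r\\!]")
# Assumption: Apache/nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def triage(lines):
    """Return one finding per request that reached the vulnerable endpoint.

    severity "high":   basePath in the query string carries shell metacharacters.
    severity "review": the endpoint was hit but nothing conclusive is logged
                       (POST bodies are not in access logs, so these still
                       need correlation with file-system and process data).
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path.lower() != ENDPOINT.lower():
            continue
        # parse_qs percent-decodes values, so %3B is seen as ';'.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        hit = any(SHELL_META.search(v) for v in values)
        findings.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "status": int(m["status"]), "basePath": values,
            "severity": "high" if hit else "review",
        })
    return findings

# Constructed sample log lines (documentation IP ranges, placeholder payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /teach/course/doajaxfileupload.php?basePath=uploads%2Fcourse1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2020:10:05:12 +0000] "GET /teach/course/doajaxfileupload.php?basePath=uploads%3BPLACEHOLDER HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Jan/2020:10:05:40 +0000] "POST /teach/course/doajaxfileupload.php HTTP/1.1" 200 40',
    '192.0.2.10 - - [01/Jan/2020:10:06:00 +0000] "GET /teach/course/index.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["severity"], f["ip"], f["time"], f["method"], f["basePath"])
```

Because the endpoint is reachable without authentication, every "review" entry from an unexpected source is worth checking against newly created files under the web root.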
- Tony Kuo (CHT Security)
- Tree Chiu (CHT Security)