Impact
The vulnerability is an unrestricted upload of dangerous file types, allowing an attacker to place a web shell onto the web server. This represents a severe security flaw because it gives the attacker the ability to execute arbitrary code, potentially leading to full system compromise. The weakness is classified as CWE‑434. The impact is therefore catastrophic, enabling attackers to gain remote code execution and effectively control the compromised site.
Affected Systems
The affected system is the Academy LMS Pro plugin developed by Kodezen LLC. Any installation of the plugin that is older than version 3.5.2 is vulnerable. No other versions or products are listed as affected.
Risk and Exploitability
The CVSS score is 8, indicating high severity. The EPSS score is less than 1 %, suggesting that exploitation in the wild is low but not impossible. The vulnerability is not listed in the CISA KEV catalog. The attack is inferred to require authentication with file‑upload privileges—likely an administrator or user with permission to add resources—though the description does not explicitly state the exact prerequisites. If the attacker can perform the upload, the server will accept the file and the web shell can be invoked. No public exploits are identified in the provided data, but the severe nature of the flaw demands prompt action.
OpenCVE Enrichment