Ventem e-School Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

An arbitrary file upload vulnerability has been identified in the e-School platform by Ventem. Because uploaded files are insufficiently validated, unauthenticated remote attackers can upload web shell backdoors and have them executed, resulting in arbitrary code execution on the server.
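
The kind of server-side validation whose absence the description points to, as an added example. It is not Ventem's code; the platform's actual stack is not stated here, and the allowlist, size limit and function names are assumptions.

```python
import os
import secrets

# Constructed allowlist: extension -> magic bytes the content must start with.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


class UploadRejected(ValueError):
    """Upload failed validation."""


def validate_upload(client_name: str, data: bytes) -> str:
    """Return a server-chosen storage name or raise UploadRejected."""
    # Discard any client-supplied path, with either separator.
    base = os.path.basename(client_name.replace("\\", "/")).lower()
    if not base or "\x00" in base:
        raise UploadRejected("bad file name")
    stem, ext = os.path.splitext(base)
    if ext not in ALLOWED:
        raise UploadRejected("extension not allowed")
    # Strict: no second dot, so names like x.php.png are refused.
    if "." in stem:
        raise UploadRejected("multiple extensions")
    if len(data) > MAX_BYTES:
        raise UploadRejected("too large")
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # Never store under the client's name; use a random one.
    return secrets.token_hex(16) + ext


def rejection_reason(client_name: str, data: bytes):
    """Return None if accepted, else the rejection message."""
    try:
        validate_upload(client_name, data)
    except UploadRejected as exc:
        return str(exc)
    return None
```

A magic-byte check does not stop polyglot files on its own, so accepted files should also be stored outside the web root or in a directory where script execution is disabled.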

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the server, potentially allowing attackers to execute arbitrary commands or scripts with the same privileges as the web server user.

Remediation

Schools running the e-School platform on-premises should contact Ventem to check for available updates. Alternatively, consider restricting access to the platform so that it is reachable only from the campus network.

Added: Jul 30, 2025, 4:29 AM
Updated: Jul 30, 2025, 4:29 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.4
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.