QueryMine SMS Unrestricted File Upload Vulnerability in Background Management Component

Vulnerability

A remote code execution vulnerability has been identified in QueryMine SMS versions prior to 7ab5a9ea196209611134525ffc18de25c57d9593. The issue arises in the Background Management Page, specifically within the admin/addteacher.php file. The vulnerability allows for unrestricted file uploads by manipulating the 'image' argument, enabling attackers to upload malicious files that could be executed on the server.

Impact

Exploitation of this vulnerability allows remote code execution: uploaded malicious files can be executed on the server, potentially leading to unauthorized access, data theft, or disruption of services.

Reproduction

To reproduce this vulnerability, upload a file through the image upload feature in the admin/addteacher.php page. The uploaded file should be a PHP script, which can then be executed via the web server.
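
A hardened handler for the 'image' upload field, as an added example that is not QueryMine SMS code or its actual fix. The function name, size limit, allowed types and storage path are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper for the 'image' field of a form such as admin/addteacher.php.
const MAX_IMAGE_BYTES = 2 * 1024 * 1024; // assumed size limit

function store_teacher_image(array $file, string $destDir): string
{
    // Detected content type => extension that the server assigns itself.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

    // Reject failed uploads and paths that did not come from an HTTP upload.
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('Upload failed');
    }
    if (filesize($tmp) > MAX_IMAGE_BYTES) {
        throw new RuntimeException('File too large');
    }

    // Type is detected from the file content; the client-supplied file name
    // and Content-Type header are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime === false || !isset($allowed[$mime]) || getimagesize($tmp) === false) {
        throw new RuntimeException('Not an allowed image type');
    }

    // Server-generated name with an allowlisted extension: a ".php" name sent
    // by the client never reaches the disk, even if the content check is fooled.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($tmp, rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

// Usage in the form handler; the directory is an assumed path outside the web root:
// $stored = store_teacher_image($_FILES['image'], '/var/app-data/teacher-images');
```

Storing uploads outside the web root, or in a directory where the web server is configured not to execute scripts, keeps a file that slips past the content checks from being run.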

Added: Apr 17, 2026, 1:40 PM
Updated: Apr 17, 2026, 1:40 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 6.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.