What the vulnerability does
01Description
Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through 1.93.1 (02-07-2025).
Explanation of Vulnerability in Simple Terms
02Summary
The Mojoomla School Management Joomla extension allows authenticated users to upload files without proper validation. An attacker with low-level access can upload malicious files to execute code on the site, compromise data, or take the site offline. The vulnerability affects all versions up to 1.93.1.
What an attacker can do
03Attacker Capabilities
Upload and execute malicious files to run code on the site, read sensitive data, or disable the site.
Potential impact on your site
04Site Impact
Any authenticated user can upload files that compromise your site's security, data, and availability.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the Joomla site.
Key dates
06Disclosure timeline
August 31, 2025
CVE published
April 28, 2026
Record updated