File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint.
GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.