Vulnerability Database

315,363

Total vulnerabilities in the database

CVE-2020-28072

A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. An authenticated attacker can upload arbitrary file in the gallery.php page and executing it on the server reaching the RCE.

Published: Dec 15, 2020
Updated: Nov 16, 2025
CVE: CVE-2020-28072
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
alumni_management_system_project / alumni_management_system	1.0	1.0.x

http://packetstormsecurity.com/files/160508/Alumni-Management-System-1.0-Shell-Upload.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo