Описание
A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used.
A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-11347
- https://code-projects.org
- https://github.com/romatdibrohiksnov/vulndb.com/tree/main/Student-Registration-Crud-Operation%20Unauthenticated%20Arbitrary%20File%20Upload%20leads%20to%20Remote%20Code%20Execution
- https://vuldb.com/?ctiid.327232
- https://vuldb.com/?id.327232
- https://vuldb.com/?submit.664897
EPSS
5.5 Medium
CVSS4
7.3 High
CVSS3
CVE ID
Дефекты
Связанные уязвимости
A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used.
EPSS
5.5 Medium
CVSS4
7.3 High
CVSS3