Description
A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/faculty_controller.php. This manipulation of the argument new_image causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
In 1000projects Online Student Project Report Submission and Evaluation System 1.0 wurde eine Schwachstelle gefunden. Dies betrifft einen unbekannten Teil der Datei /admin/controller/faculty_controller.php. Durch Beeinflussen des Arguments new_image mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit ist öffentlich verfügbar und könnte genutzt werden.
Problem types
Product status
Timeline
| 2025-09-14: | Advisory disclosed |
| 2025-09-14: | VulDB entry created |
| 2025-09-14: | VulDB entry last update |
Credits
USTC-l1nk (VulDB User)
References
vuldb.com/?id.323858 (VDB-323858 | 1000projects Online Student Project Report Submission and Evaluation System faculty_controller.php unrestricted upload)
vuldb.com/?ctiid.323858 (VDB-323858 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.647173 (Submit #647173 | 1000projects.org Online Student Project Report Submission and Evaluation System v1.0 File unrestricted upload)
vuldb.com/?submit.647176 (Submit #647176 | 1000projects.org Online Student Project Report Submission and Evaluation System PHP Project v1.0 File unrestricted upload (Duplicate))
github.com/lan041221/cvec/issues/22
