Description
A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/student_controller.php. Such manipulation of the argument new_image leads to unrestricted upload. The attack may be performed from remote. The exploit is publicly available and might be used.
In 1000projects Online Student Project Report Submission and Evaluation System 1.0 ist eine Schwachstelle entdeckt worden. Dabei betrifft es einen unbekannter Codeteil der Datei /admin/controller/student_controller.php. Die Manipulation des Arguments new_image führt zu unrestricted upload. Der Angriff kann über das Netzwerk passieren. Die Ausnutzung wurde veröffentlicht und kann verwendet werden.
Problem types
Product status
Timeline
| 2025-09-14: | Advisory disclosed |
| 2025-09-14: | VulDB entry created |
| 2025-09-14: | VulDB entry last update |
Credits
USTC-l1nk (VulDB User)
References
vuldb.com/?id.323859 (VDB-323859 | 1000projects Online Student Project Report Submission and Evaluation System student_controller.php unrestricted upload)
vuldb.com/?ctiid.323859 (VDB-323859 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.647175 (Submit #647175 | 1000projects.org Online Student Project Report Submission and Evaluation System v1.0 File unrestricted upload)
vuldb.com/?submit.647177 (Submit #647177 | 1000projects.org Online Student Project Report Submission and Evaluation System PHP Project v1.0 File unrestricted upload (Duplicate))
github.com/lan041221/cvec/issues/23
