Home

Description

EN DE

A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNotice.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

In ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59 wurde eine Schwachstelle gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /assets/createNotice.php. Die Veränderung des Parameters File resultiert in unrestricted upload. Ein Angriff ist aus der Distanz möglich. Die Ausnutzung wurde veröffentlicht und kann verwendet werden. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden.

PUBLISHED Reserved 2025-10-12 | Published 2025-10-13 | Updated 2025-10-14 | Assigner VulDB




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
HIGH: 7.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
7.5AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Unrestricted Upload

Improper Access Controls

Product status

6b6fae5426044f89c08d0dd101c7fa71f9042a59
affected

Timeline

2025-10-12:Advisory disclosed
2025-10-12:VulDB entry created
2025-10-12:VulDB entry last update

Credits

yuc1 (VulDB User) reporter

References

vuldb.com/?id.328074 (VDB-328074 | ProjectsAndPrograms School Management System createNotice.php unrestricted upload) vdb-entry technical-description

vuldb.com/?ctiid.328074 (VDB-328074 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.665604 (Submit #665604 | https://oranbyte.com/ ProjectsAndPrograms/school-management-system 1.0 Unauthenticated Arbitrary File Upload to RCE) third-party-advisory

github.com/qqy-123/cve/issues/2 exploit issue-tracking

cve.org (CVE-2025-11657)

nvd.nist.gov (CVE-2025-11657)

Download JSON