Home

Description

EN DE

A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit is now public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

In ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59 ist eine Schwachstelle entdeckt worden. Betroffen ist eine unbekannte Verarbeitung der Datei /assets/changeSllyabus.php. Die Bearbeitung des Arguments File verursacht unrestricted upload. Es ist möglich, den Angriff aus der Ferne durchzuführen. Der Exploit steht zur öffentlichen Verfügung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verfügbar.

PUBLISHED Reserved 2025-10-12 | Published 2025-10-13 | Updated 2025-10-14 | Assigner VulDB




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
HIGH: 7.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
7.5AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Unrestricted Upload

Improper Access Controls

Product status

6b6fae5426044f89c08d0dd101c7fa71f9042a59
affected

Timeline

2025-10-12:Advisory disclosed
2025-10-12:VulDB entry created
2025-10-12:VulDB entry last update

Credits

yuc1 (VulDB User) reporter

References

vuldb.com/?id.328075 (VDB-328075 | ProjectsAndPrograms School Management System changeSllyabus.php unrestricted upload) vdb-entry technical-description

vuldb.com/?ctiid.328075 (VDB-328075 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.665605 (Submit #665605 | https://oranbyte.com/ ProjectsAndPrograms/school-management-system 1.0 Unauthenticated Arbitrary File Upload to RCE) third-party-advisory

github.com/qqy-123/cve/issues/3 exploit issue-tracking

cve.org (CVE-2025-11658)

nvd.nist.gov (CVE-2025-11658)

Download JSON