CVE-2025-11347

Medium CVSS: 6.9

A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used.

Vendor

Code-projects

Product

Crud Operation System

CWE

CWE-284

Yayın Tarihi

2025-10-07 03:15:33

Güncelleme

2025-10-14 15:38:46

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-284 Crud Operation System MEDIUM Code-projects 2025

Referanslar

https://code-projects.org/ https://github.com/romatdibrohiksnov/vulndb.com/tree/main/Student-Registration-Crud-Operation%20Unauthenticated%20Arbitrary%20File%20Upload%20leads%20to%20Remote%20Code%20Execution https://vuldb.com/?ctiid.327232 https://vuldb.com/?id.327232 https://vuldb.com/?submit.664897

Benzer Kayıtlar

Medium

CVE-2026-5256

A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /m…

Medium

CVE-2026-5257

A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of…

Medium

CVE-2026-5255

A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /delst…

Medium

CVE-2026-5106

A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file…

Medium

CVE-2026-4908

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the…

Medium

CVE-2026-4849

A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file…