PT-2025-21866 · Sourcecodester · Sourcecodester Student Management System

S0L42 · Published 2025-05-18 · Updated 2025-05-19 · CVE-2025-4898

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions: SourceCodester Student Result Management System version 1.0
Description: A critical issue has been identified, affecting the unlink function of the update system.php file in the Logo File Handler component. The manipulation of the old logo argument leads to path traversal. This issue can be exploited remotely.
Recommendations: For SourceCodester Student Result Management System version 1.0, consider disabling the unlink function in the update system.php file until a patch is available. Restrict access to the Logo File Handler component to minimize the risk of exploitation. Avoid using the old logo argument in the affected function until the issue is resolved.
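
A deletion helper that confines `unlink` to one upload directory is one way to close this class of bug. It is an added example, not code from the affected project or from this advisory; the directory `LOGO_DIR`, the function name `delete_old_logo` and the demo file names are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed logo upload directory (hypothetical, not taken from the project).
const LOGO_DIR = __DIR__ . '/uploads/logos';

/**
 * Delete an old logo only if the supplied name resolves to a regular file
 * located directly inside $baseDir. Returns true when a file was removed.
 */
function delete_old_logo(string $suppliedName, string $baseDir = LOGO_DIR): bool
{
    // Accept a bare file name only: no separators, no NUL byte, no dot entries.
    if ($suppliedName === '' || $suppliedName === '.' || $suppliedName === '..'
        || strpbrk($suppliedName, "/\\\0") !== false) {
        return false;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return false;                       // upload directory is missing
    }
    // realpath() resolves symlinks and returns false for nonexistent paths.
    $target = realpath($base . DIRECTORY_SEPARATOR . $suppliedName);
    if ($target === false || !is_file($target)) {
        return false;
    }
    // After resolution the file must still sit directly in the logo directory,
    // which also rejects a symlink inside it that points elsewhere.
    if (dirname($target) !== $base) {
        return false;
    }
    return unlink($target);
}

// Constructed demo on a throwaway directory tree; runs from the CLI only.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $root = sys_get_temp_dir() . '/logo_demo_' . bin2hex(random_bytes(4));
    mkdir("$root/logos", 0700, true);
    file_put_contents("$root/logos/old.png", 'x');
    file_put_contents("$root/config.php", 'x');      // file outside the logo dir
    foreach (['../config.php', 'old.png', 'old.png'] as $name) {
        $ok = delete_old_logo($name, "$root/logos");
        printf("%-14s => %s\n", $name, $ok ? 'deleted' : 'rejected');
    }
    printf("outside file intact: %s\n", is_file("$root/config.php") ? 'yes' : 'no');
    unlink("$root/config.php"); rmdir("$root/logos"); rmdir($root);
}
```

Storing the current logo's file name server-side and deleting that value, rather than one sent with the request, removes the user-controlled input entirely.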

Exploit

Fix

Path traversal


Weakness Enumeration

Related identifiers

CVE-2025-4898

Affected products

Sourcecodester Student Management System