PT-2025-41748 · Unknown · Projectsandprograms School Management System

Qqy-123

Publicado

2025-10-13

Atualizado

2025-10-18

CVE-2025-11659

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ProjectsAndPrograms School Management System versions prior to 6b6fae5426044f89c08d0dd101c7fa71f9042a59

Description A security issue exists in ProjectsAndPrograms School Management System related to unrestricted file upload. This is due to insufficient validation of the File argument within the /assets/uploadNotes.php functionality. This allows remote attackers to upload malicious files. The exploit for this issue has been published.

Recommendations Update ProjectsAndPrograms School Management System to version 6b6fae5426044f89c08d0dd101c7fa71f9042a59 or later.

Exploit

Correção

Unrestricted File Upload

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434CWE-284

Identificadores relacionados

CVE-2025-11659

Produtos afetados

Projectsandprograms School Management System

PT-2025-41748 · Unknown · Projectsandprograms School Management System

CVE-2025-11659

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15