PT-2025-51141 · Code Projects · Computer Laboratory System Version 1.0

Yohane-Mashiro

Publicado

2025-12-14

Atualizado

2025-12-14

CVE-2025-14642

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Computer Laboratory System version 1.0

Description A flaw exists in code-projects Computer Laboratory System 1.0 that allows for unrestricted file uploads through manipulation of the image argument in the technical staff pic.php file. This issue can be exploited remotely. The exploit details have been publicly disclosed.

Recommendations Apply restrictions to file uploads in the technical staff pic.php file. Sanitize the image argument to prevent unrestricted uploads. Disable or restrict access to the technical staff pic.php file as a temporary measure.

Exploit

Correção

Improper Access Control

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-434

Identificadores relacionados

CVE-2025-14642

Produtos afetados

Computer Laboratory System Version 1.0

PT-2025-51141 · Code Projects · Computer Laboratory System Version 1.0

CVE-2025-14642

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10