Kushan2K · Student Management System · CVE-2026-11474
**Name of the Vulnerable Software and Affected Versions**
Kushan2k student-management-system versions up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a
**Description**
An unrestricted file upload flaw exists in the Registration Endpoint within the `service/RegisterService.php` file. A remote attacker can exploit it by manipulating the `stimg` argument.
**Recommendations**
Update Kushan2k student-management-system to a version later than f16a4ceaddd6729c4b306ed4641cda3176c1ef2a.
As a temporary workaround, restrict access to the Registration Endpoint or avoid using the `stimg` argument until a fix is applied.
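
One way a server-side check on the `stimg` upload could look, as an added example that is neither the project's code nor its fix. The function name `store_student_image`, the 2 MiB limit, the JPEG/PNG allowlist and the destination directory are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical hardened handling of the `stimg` upload.
// Function name, size limit, allowlist and storage path are assumptions.

const STIMG_MAX_BYTES = 2 * 1024 * 1024;   // assumed 2 MiB limit
const STIMG_TYPES = [                       // detected MIME type => stored extension
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

/**
 * Validate $_FILES['stimg'] and move it into $destDir, which should sit
 * outside the web root or in a directory where PHP execution is disabled.
 * Returns the stored file name; throws RuntimeException on a rejected upload.
 */
function store_student_image(array $file, string $destDir): string
{
    // Reject multi-file arrays and any upload error reported by PHP.
    if (!isset($file['error'], $file['tmp_name']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or malformed');
    }
    // Only accept a file PHP itself received via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > STIMG_MAX_BYTES) {
        throw new RuntimeException('file size not allowed');
    }
    // Decide the type from the content, never from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, STIMG_TYPES)) {
        throw new RuntimeException('file type not allowed');
    }
    // getimagesize() returns false when the content is not a parseable image.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Server-generated name with an allowlisted extension; the client's name is discarded.
    $name = bin2hex(random_bytes(16)) . '.' . STIMG_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}
```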