Yuc1

**Name of the Vulnerable Software and Affected Versions** ProjectsAndPrograms School Management System (affected versions not specified) **Description** A security weakness exists in ProjectsAndPrograms School Management System up to commit `6b6fae5426044f89c08d0dd101c7fa71f9042a59`. The issue is related to unrestricted file upload, resulting from unsanitized manipulation of the `File` argument in the `/assets/editNotes.php` file. The attack can be launched remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ProjectsAndPrograms School Management System versions prior to 6b6fae5426044f89c08d0dd101c7fa71f9042a59 **Description** A security flaw exists in ProjectsAndPrograms School Management System that allows unrestricted file upload. The issue is located in the `/assets/createNotice.php` script, specifically in the handling of the `File` argument. This allows a remote attacker to upload malicious files. The exploit has been publicly disclosed. **Recommendations** Update ProjectsAndPrograms School Management System to a version later than 6b6fae5426044f89c08d0dd101c7fa71f9042a59.

**Name of the Vulnerable Software and Affected Versions** ProjectsAndPrograms School Management System (affected versions not specified) **Description** A flaw exists in ProjectsAndPrograms School Management System that allows for unrestricted file upload. The issue is located in the `/assets/changeSllyabus.php` file, where an unknown function does not properly handle the `File` argument. This allows attackers to upload arbitrary files remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ProjectsAndPrograms School Management System versions prior to 6b6fae5426044f89c08d0dd101c7fa71f9042a59 **Description** A security issue exists in ProjectsAndPrograms School Management System related to unrestricted file upload. This is due to insufficient validation of the `File` argument within the `/assets/uploadNotes.php` functionality. This allows remote attackers to upload malicious files. The exploit for this issue has been published. **Recommendations** Update ProjectsAndPrograms School Management System to version 6b6fae5426044f89c08d0dd101c7fa71f9042a59 or later.

**Name of the Vulnerable Software and Affected Versions** ProjectsAndPrograms School Management System versions prior to 6b6fae5426044f89c08d0dd101c7fa71f9042a59 **Description** A flaw exists in ProjectsAndPrograms School Management System that allows for unrestricted file upload due to insufficient input validation. The issue is related to the `/assets/uploadSllyabus.php` file and the `File` argument. This allows an attacker to upload malicious files, potentially including web shells or malware, and execute code remotely. The exploit has been publicly disclosed. **Recommendations** Versions prior to 6b6fae5426044f89c08d0dd101c7fa71f9042a59 should be updated. As a temporary workaround, restrict access to the `/assets/uploadSllyabus.php` file.

**Name of the Vulnerable Software and Affected Versions** ProjectsAndPrograms School Management System versions prior to commit hash 6b6fae5426044f89c08d0dd101c7fa71f9042a59 **Description** A flaw exists in ProjectsAndPrograms School Management System that allows attackers to bypass authentication. This is achieved through manipulation of the system and can be carried out remotely. The exploit has been made public. **Recommendations** Update ProjectsAndPrograms School Management System to a version beyond commit hash 6b6fae5426044f89c08d0dd101c7fa71f9042a59.