PT-2025-13646 · Code Projects · College Management System

Samlo

Published

2025-03-30

Updated

2025-03-31

CVE-2025-2973

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects College Management System version 1.0

Description A critical issue was found in the College Management System, affecting the /Admin/student.php file. The manipulation of the profile image argument leads to unrestricted upload. This issue can be exploited remotely.

Recommendations For version 1.0, consider disabling the file upload functionality related to the profile image argument in the /Admin/student.php file until a patch is available. Restrict access to the /Admin/student.php file to minimize the risk of exploitation. Avoid using the profile image argument in the affected file until the issue is resolved.

Exploit

Fix

Improper Access Control

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-434

Related Identifiers

CVE-2025-2973

Affected Products

College Management System

PT-2025-13646 · Code Projects · College Management System

CVE-2025-2973

Weakness Enumeration

Related Identifiers

Affected Products

References · 13