PT-2025-21866 · Sourcecodester · Sourcecodester Student Management System
S0L42 · Published 2025-05-18 · Updated 2025-05-19 · CVE-2025-4898
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
SourceCodester Student Result Management System version 1.0
Description:
A critical issue has been identified, affecting the unlink function of the update system.php file in the Logo File Handler component. The manipulation of the old logo argument leads to path traversal. This issue can be exploited remotely.
Recommendations:
For SourceCodester Student Result Management System version 1.0, consider disabling the unlink function in the update system.php file until a patch is available. Restrict access to the Logo File Handler component to minimize the risk of exploitation. Avoid using the old logo argument in the affected function until the issue is resolved.
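One way to keep a logo-replacement feature while closing off traversal is to constrain what may reach unlink(). The sketch below is an added example, not SourceCodester's code. The function name safe_delete_logo(), the directory layout, the extension allow-list and the sample inputs are all assumptions made for illustration.

```php
<?php
// Added illustration, not code from the affected project. safe_delete_logo(),
// the directory layout and every sample input below are constructed.

/** Delete a logo only if it is a regular image file directly inside $logoDir. */
function safe_delete_logo(string $logoDir, string $requested): bool
{
    // Reject empty names, NUL bytes and anything carrying a directory part.
    if ($requested === '' || strpos($requested, "\0") !== false
        || basename($requested) !== $requested) {
        return false;
    }
    // Allow-list the extension so only image files are candidates.
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!in_array($ext, ['png', 'jpg', 'jpeg', 'gif'], true)) {
        return false;
    }
    // Canonicalise both paths; realpath() resolves ".." and symlinks.
    $base   = realpath($logoDir);
    $target = realpath($logoDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $target === false) {
        return false;
    }
    // The resolved file must sit directly inside the logo directory.
    if (dirname($target) !== $base || !is_file($target)) {
        return false;
    }
    return unlink($target);
}

// Constructed fixture: a logo directory plus one file outside it.
$root  = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'logo_demo_' . getmypid();
$logos = $root . DIRECTORY_SEPARATOR . 'logos';
mkdir($logos, 0700, true);
file_put_contents($logos . DIRECTORY_SEPARATOR . 'old.png', 'x');
file_put_contents($root . DIRECTORY_SEPARATOR . 'config.php', 'x');

// Constructed inputs: traversal, absolute path, bare "..", then a valid name.
foreach (['../config.php', $root . '/config.php', '..', 'old.png'] as $name) {
    printf("%-40s deleted=%s\n", $name, var_export(safe_delete_logo($logos, $name), true));
}
printf("outside file still present=%s\n", var_export(is_file($root . '/config.php'), true));

// Remove the fixture.
unlink($root . DIRECTORY_SEPARATOR . 'config.php');
rmdir($logos);
rmdir($root);
```

Where the application can store the current logo name server-side, ignoring the client-supplied value entirely and deleting only the stored name avoids the validation problem altogether.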
Path traversal
Affected Products
Sourcecodester Student Management System