CVE-2025-4912

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Result Management System version 1.0

Description: A critical issue has been found in the Image File Handler component of the affected system, specifically in the file /admin/core/update student.php. The manipulation of the old photo argument leads to path traversal. This issue can be exploited remotely.

Recommendations: For SourceCodester Student Result Management System version 1.0, as a temporary workaround, consider restricting access to the /admin/core/update student.php file until a patch is available. Avoid using the old photo argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.