CVE-2025-7412

Name of the Vulnerable Software and Affected Versions: code-projects Library System version 1.0

Description: A critical issue exists in code-projects Library System 1.0 related to unrestricted file upload. The vulnerability is located in the /user/student/profile.php file, where manipulation of the image argument allows for unrestricted uploads. This issue can be exploited remotely. The exploit has been publicly disclosed.

Recommendations: Restrict or disable the functionality associated with the /user/student/profile.php file. Avoid uploading files through the image argument until a resolution is available.