CVE-2025-7413

Name of the Vulnerable Software and Affected Versions: code-projects Library System version 1.0

Description: A critical vulnerability exists in code-projects Library System 1.0, allowing for unrestricted file upload. The issue is located in the /user/teacher/profile.php file, where manipulation of the image argument enables malicious uploads. This attack can be initiated remotely. The exploit details have been publicly disclosed.

Recommendations: As a temporary workaround, consider restricting or disabling file upload functionality to the /user/teacher/profile.php file until a patch is available.