PT-2025-30936 · Unknown · Code-Projects Document Management System
Mawenjie
·
Published
2025-07-25
·
Updated
2025-08-05
·
CVE-2025-8171
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
code-projects Document Management System version 1.0
Description
A critical issue has been found in code-projects Document Management System that allows for unrestricted file upload through manipulation of the
uploaded file argument in the /insert.php endpoint. The attack can be initiated remotely. The exploit has been publicly disclosed.Recommendations
Address the unrestricted upload issue in the processing of the
/insert.php file.
Sanitize or validate the uploaded file argument to prevent malicious file uploads.Exploit
Fix
Unrestricted File Upload
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Code-Projects Document Management System