PT-2025-37447 · Unknown · 1000Projects Online Project Report Submission/Evaluation System
Ustc-L1Nk · Published 2025-09-15 · Updated 2025-09-18
CVE-2025-10424
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
1000projects Online Student Project Report Submission and Evaluation System version 1.0
Description
A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/faculty controller.php. Manipulation of the argument new image causes unrestricted upload, and the attack can be carried out remotely. The exploit has been publicly disclosed.
Recommendations
Restrict access to the file /admin/controller/faculty controller.php to prevent unauthorized uploads.
As a temporary workaround, consider restricting the use of the new image argument in the affected function until a patch is available.
Exploit
Fix
Improper Access Control
Unrestricted File Upload
Related Identifiers
Affected Products
1000Projects Online Project Report Submission/Evaluation System