PT-2025-40957 · Code Projects · Student Crud Operation

Px_Kanten · Published 2025-10-07 · Updated 2025-10-14 · CVE-2025-11347

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: code-projects Student Crud Operation versions up to 3.3

Description: A flaw exists in code-projects Student Crud Operation that allows for unrestricted file uploads. This is due to manipulation of the move_uploaded_file function within the add.php file, specifically in the Add Student Page/Edit Student Page component. The issue can be exploited remotely. The exploit has been publicly disclosed.

Recommendations: Versions prior to 3.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-11347

Affected Products

Student Crud Operation