CVE-2025-11658

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ProjectsAndPrograms School Management System (affected versions not specified)

Description A flaw exists in ProjectsAndPrograms School Management System that allows for unrestricted file upload. The issue is located in the /assets/changeSllyabus.php file, where an unknown function does not properly handle the File argument. This allows attackers to upload arbitrary files remotely. The exploit is publicly available.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-434

Related Identifiers

CVE-2025-11658

Affected Products

Projectsandprograms School Management System

CVE-2025-11658

Weakness Enumeration

Related Identifiers

Affected Products

References · 13