PT-2025-41748 · Unknown · Projectsandprograms School Management System
Qqy-123
+1
·
Published
2025-10-13
·
Updated
2025-10-18
·
CVE-2025-11659
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ProjectsAndPrograms School Management System versions prior to 6b6fae5426044f89c08d0dd101c7fa71f9042a59
Description
A security issue exists in ProjectsAndPrograms School Management System related to unrestricted file upload. This is due to insufficient validation of the
File argument within the /assets/uploadNotes.php functionality. This allows remote attackers to upload malicious files. The exploit for this issue has been published.Recommendations
Update ProjectsAndPrograms School Management System to version 6b6fae5426044f89c08d0dd101c7fa71f9042a59 or later.
Exploit
Fix
Unrestricted File Upload
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Projectsandprograms School Management System