PT-2025-41749 · Unknown · Projectsandprograms School Management System
Qingyuan Qin +2 · Published 2025-10-13 · Updated 2025-10-20 · CVE-2025-11660
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ProjectsAndPrograms School Management System versions prior to 6b6fae5426044f89c08d0dd101c7fa71f9042a59
Description
ProjectsAndPrograms School Management System allows unrestricted file upload because of insufficient input validation. The issue affects the /assets/uploadSllyabus.php file and its File argument. An attacker can upload malicious files, potentially including web shells or malware, and execute code remotely. The exploit has been publicly disclosed.
Recommendations
Versions prior to 6b6fae5426044f89c08d0dd101c7fa71f9042a59 should be updated. As a temporary workaround, restrict access to the /assets/uploadSllyabus.php file.
Exploit
Fix
Improper Access Control
Unrestricted File Upload
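The two weaknesses listed for this entry (no access control, no validation of the uploaded file) can be closed in a single upload handler; the sketch below is an added example, not the project's code or its actual fix. It assumes syllabus uploads are PDFs, that the form field is named File as in the description, and uses a hypothetical session key, storage path and size limit.

```php
<?php
// Added example, not the project's code. Assumptions: syllabi are PDFs, a
// logged-in teacher has $_SESSION['role'] === 'teacher' (hypothetical key), and
// SYLLABUS_DIR is outside the web root so stored files are never run as scripts.
declare(strict_types=1);

const SYLLABUS_DIR = '/var/lib/sms/syllabus';   // hypothetical path
const MAX_BYTES    = 5 * 1024 * 1024;           // hypothetical size limit
const ALLOWED      = ['pdf' => 'application/pdf'];

// Returns a server-generated file name, or throws if the upload is rejected.
function validateSyllabusUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('size not allowed');
    }
    // Extension allowlist: .php, .phtml, .phar and the like never match.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    // Sniff the type from the bytes; the client-sent Content-Type is untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Discard the client-supplied name to avoid traversal and double extensions.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

session_start();
if (($_SESSION['role'] ?? '') !== 'teacher') { http_response_code(403); exit; }
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_FILES['File'])) {
    http_response_code(400); exit;
}
try {
    $name = validateSyllabusUpload($_FILES['File']);
    if (!move_uploaded_file($_FILES['File']['tmp_name'], SYLLABUS_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    echo json_encode(['stored' => $name]);
} catch (RuntimeException $e) {
    http_response_code(422);
    echo json_encode(['error' => $e->getMessage()]);
}
```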
Affected Products
Projectsandprograms School Management System