PT-2026-20478 · Unknown · Scholars Tracking System

Published: 2026-02-18 · Updated: 2026-02-19 · CVE-2025-70151

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
code-projects Scholars Tracking System version 1.0

Description
An authenticated attacker can achieve remote code execution through unrestricted file upload. The update profile picture.php and upload picture.php endpoints store uploaded files in the web-accessible uploads/ directory under the client-supplied original filename, without validating the file type or extension. An attacker can upload a PHP file and then request it from /uploads/, which executes arbitrary PHP code as the web server user.

Recommendations
Apply restrictions to file uploads, including validating file types and extensions. Ensure uploaded files are not stored in a web-accessible directory. Rename uploaded files to prevent direct access and execution.
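The three recommendations combined in one hardened handler, as an added example (not code from Scholars Tracking System; the function name `storeProfilePicture`, the private directory path and the size limit are assumptions):

```php
<?php
// Hardened profile-picture upload handler (added example; hypothetical
// function and path names, not code from the affected project).
const UPLOAD_DIR = '/var/app/private_uploads'; // assumed path OUTSIDE the web root
const MAX_BYTES  = 2 * 1024 * 1024;            // assumed 2 MiB limit

// Allowlist: MIME type detected from file CONTENT -> extension we assign.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one $_FILES entry and move it into a private directory under a
 * random, server-chosen name. Returns the stored filename or throws.
 */
function storeProfilePicture(array $file): string
{
    $err = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . $err);
    }
    if (($file['size'] ?? 0) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Only accept files that really arrived through a PHP upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Decide the type from the bytes, not from the client-supplied name or
    // Content-Type header (both are attacker-controlled).
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('Unsupported file type: ' . $mime);
    }
    // The file must also parse as an image, not merely carry image-like bytes.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not a valid image');
    }
    // Ignore the original filename entirely: random name + allowlisted extension.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = UPLOAD_DIR . DIRECTORY_SEPARATOR . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0640); // readable by the app, never executable
    return $name;       // persist this; serve it through a script, not a direct URL
}
```

Because the file lives outside the document root, the application serves it back through a small script that looks up the stored name, sets the Content-Type from the allowlist and calls readfile(), so nothing uploaded is ever reachable as an executable path.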

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2025-70151

Affected Products: Scholars Tracking System