PT-2026-30195 · Unknown · Projectsandprograms School Management System
Sudosme
·
Published
2026-04-03
·
Updated
2026-04-03
·
CVE-2026-5472
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ProjectsAndPrograms School Management System versions prior to 6b6fae5426044f89c08d0dd101c7fa71f9042a59
Description
A flaw exists in ProjectsAndPrograms School Management System that allows for unrestricted file upload. The issue is located in the Profile Picture Handler component, specifically within an unknown function of the
/admin panel/settings.php file. Manipulation of the File argument enables this unrestricted upload. Remote exploitation is possible. The exploit has been published.Recommendations
Update to version 6b6fae5426044f89c08d0dd101c7fa71f9042a59 or later.
Exploit
Fix
Improper Access Control
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Projectsandprograms School Management System