A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file academic/core/drop_student.php. The manipulation of the argument img leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://github.com/Xiaoyi-ing/CVE/issues/4 | Exploit Issue Tracking Third Party Advisory |
| https://github.com/Xiaoyi-ing/CVE/issues/4 | Exploit Issue Tracking Third Party Advisory |
| https://vuldb.com/?ctiid.309022 | Permissions Required VDB Entry |
| https://vuldb.com/?id.309022 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.569855 | Third Party Advisory VDB Entry |
| https://www.sourcecodester.com/ | Product |
Configurations
History
27 May 2025, 14:13
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Munyweki
Munyweki student Result Management System |
|
| References | () https://www.sourcecodester.com/ - Product | |
| References | () https://vuldb.com/?submit.569855 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?ctiid.309022 - Permissions Required, VDB Entry | |
| References | () https://github.com/Xiaoyi-ing/CVE/issues/4 - Exploit, Issue Tracking, Third Party Advisory | |
| References | () https://vuldb.com/?id.309022 - Third Party Advisory, VDB Entry | |
| CPE | cpe:2.3:a:munyweki:student_result_management_system:1.0:*:*:*:*:*:*:* |
16 May 2025, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
| CWE |
15 May 2025, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-05-15 21:15
Updated : 2025-05-27 14:13
NVD link : CVE-2025-4720
Mitre link : CVE-2025-4720
JSON object : View
Products Affected
munyweki
- student_result_management_system
CWE
No CWE.