
CVE-2025-4912 – SourceCodester Student Result Management System Image File update_student.php path traversal
https://notcve.org/view.php?id=CVE-2025-4912
19 May 2025 — A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/core/update_student.php of the component Image File Handler. The manipulation of the argument old_photo leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• https://magnificent-dill-351.notion.site/Arbitrary-File-Delete-of-update_student-in-SRMS-1-0-1f5c693918ed8047ad31d03c6034b4f6
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-4898 – SourceCodester Student Result Management System Logo File update_system.php unlink path traversal
https://notcve.org/view.php?id=CVE-2025-4898
18 May 2025 — A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects the function unlink of the file update_system.php of the component Logo File Handler. The manipulation of the argument old_logo leads to path traversal. The attack can be initiated remotely.
• https://magnificent-dill-351.notion.site/Arbitrary-File-Delete-in-SRMS-1-0-1f4c693918ed80de80b0e7925ddbdadc
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-4720 – SourceCodester Student Result Management System drop_student.php path traversal
https://notcve.org/view.php?id=CVE-2025-4720
15 May 2025 — A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file academic/core/drop_student.php. The manipulation of the argument img leads to path traversal. The attack can be initiated remotely.
• https://github.com/Xiaoyi-ing/CVE/issues/4
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-49980
https://notcve.org/view.php?id=CVE-2023-49980
06 Mar 2024 — A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization.
• https://github.com/geraldoalcantara/CVE-2023-49980
• CWE-862: Missing Authorization