CVE-2025-4898
SourceCodester Student Result Management System Logo File update_system.php unlink path traversal
Public Exploits: 1
Exploited in Wild: -
Descriptions
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects the function unlink of the file update_system.php of the component Logo File Handler. The manipulation of the argument old_logo leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was identified in SourceCodester Student Result Management System 1.0. It has been rated critical. It affects the function unlink of the file update_system.php of the component Logo File Handler. Manipulating the argument old_logo with unknown data can be used to exploit a path traversal vulnerability. The attack can be carried out over the network. The exploit is publicly available.
CVSS Scores
SSVC
- Decision: Track*
Timeline
- 2025-05-17 CVE Reserved
- 2025-05-18 CVE Published
- 2025-05-19 CVE Updated
- 2025-05-19 First Exploit
- 2025-06-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (4)
URL | Tag | Source
---|---|---
https://vuldb.com/?id.309454 | Technical Description |
https://vuldb.com/?submit.578036 | Third Party Advisory |
https://www.sourcecodester.com | Product |
URL | Date | SRC |
---|---|---|
https://magnificent-dill-351.notion.site/Arbitrary-File-Delete-in-SRMS-1-0-1f4c693918ed80de80b0e7925ddbdadc | 2025-05-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
SourceCodester | Student Result Management System | 1.0 | en | Affected