Vulnerability Details CVE-2025-11347
A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.6%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 7.5
References
- https://code-projects.org/
- https://github.com/romatdibrohiksnov/vulndb.com/tree/main/Student-Registration-Crud-Operation%20Unauthenticated%20Arbitrary%20File%20Upload%20leads%20to%20Remote%20Code%20Execution
- https://vuldb.com/?ctiid.327232
- https://vuldb.com/?id.327232
- https://vuldb.com/?submit.664897
Products affected by CVE-2025-11347
-
cpe:2.3:a:code-projects:crud_operation_system:1.0