CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-60500

QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a web-accessible directory.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 15.9%

CVSS Severity

CVSS v3 Score 7.2

References

https://github.com/H4zaz/CVE-2025-60500

Products affected by CVE-2025-60500

Qdocs » Smart School » Version: 7.1.0

cpe:2.3:a:qdocs:smart_school:7.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-60500

Products

Pricing

Contact Us