CVE-2025-11347

Summary

A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used.

Affected Software

VendorProductVersion RangeStatus
code-projectsStudent Crud Operation3.0affected
code-projectsStudent Crud Operation3.1affected
code-projectsStudent Crud Operation3.2affected
code-projectsStudent Crud Operation3.3affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References