CVE-2025-60500
🔴 HIGHQDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate You...
Description
Request Expert ReviewQDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a web-accessible directory.
CVSS Scores
References
Additional Information
- Source
- cve@mitre.org
- State
- Awaiting analysis
Related CVEs
CVE-2025-62689
HIGHNULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master bra...
CVE-2025-59777
HIGHNULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master bra...
CVE-2025-12932
MEDIUMA vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=...
CVE-2025-12931
MEDIUMA vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/...
CVE-2025-12613
HIGHVersions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing...
CVE-2025-12930
MEDIUMA vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulat...
Share CVE-2025-60500
Share on Social Media
Copy Link
Embed Code
Request Expert Analysis
Request a professional security analysis for CVE-2025-60500 from our verified experts.
Credits System
Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!