CVE-2025-11347 MEDIUM

CVE-2025-11347: code-projects Student Crud Operation Add Student Page/Edit Student add.php move_uploaded_file unrestricted upload

Vendor Code-Projects
Product Student Crud Operation
Weakness CWE-434 · Unrestricted file upload
Published October 7, 2025
Last update October 7, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used.

Key dates

02Disclosure timeline

October 7, 2025 CVE published
October 7, 2025 Record updated