CVE-2025-11657
BaseFortify
Publication date: 2025-10-13
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oranbyte | school_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unauthenticated arbitrary file upload flaw in the ProjectsAndPrograms School Management System, specifically in the /assets/createNotice.php component. It occurs because the endpoint does not enforce authentication or properly validate uploaded files, allowing remote attackers to upload malicious files such as PHP scripts. These uploaded files can be executed on the server, leading to remote code execution (RCE) with the privileges of the web server user. [1, 2, 3]
How can this vulnerability impact me? :
Exploiting this vulnerability can lead to severe impacts including remote code execution on the server, full server compromise, unauthorized access to sensitive data such as personally identifiable information (PII) of students and staff, academic records, and system credentials. Attackers can modify or delete website content, disrupt services, and use the compromised server as a foothold for further attacks. This can cause reputational damage and operational disruption. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable endpoint /assets/createNotice.php on your web server and monitoring for suspicious file upload activity, especially uploads to the /notesUploads/ directory. You can use web server access logs to identify POST requests to /assets/createNotice.php with multipart/form-data content. Additionally, searching for uploaded PHP files in the /notesUploads/ directory can indicate exploitation. Commands to help detect this include: 1. Using curl to test the endpoint: curl -v -F "[email protected]" http://yourserver/assets/createNotice.php 2. Searching for suspicious PHP files in the upload directory: find /path/to/webroot/notesUploads/ -name "*.php" 3. Checking web server logs for POST requests to the vulnerable endpoint: grep "/assets/createNotice.php" /var/log/apache2/access.log | grep POST 4. Using Google dorking to identify exposed endpoints externally: inurl:assets/createNotice.php These steps help identify if the vulnerable upload endpoint is accessible and if malicious files have been uploaded. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1. Enforce authentication on the /assets/createNotice.php endpoint to prevent unauthenticated access. 2. Implement strict server-side file validation by whitelisting safe file extensions (e.g., .pdf, .docx, .txt) and validating MIME types. 3. Rename uploaded files to random names without executable extensions to prevent direct execution. 4. Store uploaded files outside the web root or configure the web server to deny execution permissions in the upload directory (/notesUploads/). 5. If possible, replace or update the affected component or product since no known patches are documented. These steps reduce the risk of arbitrary file upload and remote code execution exploitation. [3]