CVE-2025-11658
BaseFortify
Publication date: 2025-10-13
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oranbyte | school_management_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unauthenticated arbitrary file upload issue in the School Management System's /assets/changeSllyabus.php endpoint. Attackers can upload malicious files, such as PHP scripts, without any authentication or proper file validation. These files are stored in a publicly accessible directory and can be executed remotely, allowing attackers to run arbitrary code on the server. [1]
How can this vulnerability impact me?
The vulnerability can lead to full remote code execution on the web server, resulting in complete server compromise. Attackers may access sensitive data including personally identifiable information (PII), academic records, and system credentials. It can also cause disruption of services and damage the reputation of the affected institution. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can lead to exposure of sensitive personal data such as PII and academic records, which may result in non-compliance with data protection regulations like GDPR and HIPAA. Unauthorized access and data breaches caused by this vulnerability could trigger legal and regulatory consequences. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Look for two things: exploitation attempts in the web server logs, and evidence of success on disk. Files uploaded through the endpoint land in the /syllabusUploads/ directory, so any file there with an extension the PHP handler executes is suspect: .php first of all, but also .phtml, .phar and .php3/.php5 on default Apache mod_php setups, and names with a double extension such as shell.php.pdf, which older Apache AddHandler configurations still execute. Example commands:
1) On the server, list PHP files in the upload directory: `ls -l /path/to/syllabusUploads/*.php`. To catch the other executable extensions and double extensions in one pass, use `find /path/to/syllabusUploads -type f \( -iname '*.php*' -o -iname '*.phtml' -o -iname '*.phar' \) -ls`; the modification times in the output can be matched against the request timestamps from step 3.
2) Use the web server's access log or a network monitoring tool to look for POST requests to /assets/changeSllyabus.php carrying multipart/form-data with a file part. Legitimate uploads come from staff sessions; POSTs from clients that never logged in are attempts.
3) Grep the log: `grep 'POST /assets/changeSllyabus.php' /var/log/apache2/access.log` (the Debian/Ubuntu Apache default; use /var/log/nginx/access.log or your equivalent). A 200 response to the POST proves only that the request was accepted. The stronger signal is a later GET of /syllabusUploads/<name>.php from the same client that also returned 200: that is the attacker calling the file they dropped.
4) Confirm a suspected web shell by inspecting the file on disk (`head -c 512` or `strings`) rather than by requesting http://yourserver/syllabusUploads/<name>.php, because fetching it executes whatever the attacker put there. If you do fetch it, script output instead of the PHP source or a 403 tells you the directory executes PHP and the file is live. Treat any confirmed shell as a full server compromise. [1]
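Steps 2 to 4 as an added script, not code from this page or from the School Management System project: it parses Apache/nginx combined-format log lines, pairs each successful request for an executable file under /syllabusUploads/ with the preceding upload POST from the same client, and applies the same extension test to filenames from the upload directory. The log lines are constructed for the example; the endpoint and directory paths are the ones named above, and the list of extensions beyond .php is an assumption about what a typical PHP handler executes.

```python
import re
from datetime import datetime
from pathlib import Path

# Paths from the advisory; everything else in this script is an assumption.
UPLOAD_ENDPOINT = "/assets/changeSllyabus.php"
UPLOAD_DIR_URL = "/syllabusUploads/"

# Apache/nginx "combined" format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Extensions most PHP handlers execute, matched anywhere in the name so that
# shell.php.pdf is caught too. A hunting denylist, not a safe allowlist.
EXEC_EXT_RE = re.compile(r'\.(php\d?|phtml|phar|phps)(\.|$)', re.IGNORECASE)

# Constructed sample log: an upload, the attacker invoking the dropped file,
# a legitimate PDF fetch, and a probe for a file that does not exist.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:14:02:11 +0000] "GET /index.php HTTP/1.1" 200 5123
203.0.113.5 - - [10/Oct/2025:14:02:40 +0000] "POST /assets/changeSllyabus.php HTTP/1.1" 200 312
203.0.113.5 - - [10/Oct/2025:14:02:52 +0000] "GET /syllabusUploads/cmd.php?c=id HTTP/1.1" 200 87
198.51.100.7 - - [10/Oct/2025:14:05:01 +0000] "GET /syllabusUploads/math-101.pdf HTTP/1.1" 200 88211
198.51.100.7 - - [10/Oct/2025:14:05:30 +0000] "GET /syllabusUploads/x.php HTTP/1.1" 404 196
"""


def parse_line(line):
    """Return a dict for one access-log line, or None if it is not in combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def upload_posts(lines):
    """Every POST to the vulnerable endpoint: exploitation attempts, successful or not."""
    recs = filter(None, map(parse_line, lines))
    return [r for r in recs if r["method"] == "POST" and r["path"] == UPLOAD_ENDPOINT]


def webshell_hits(lines):
    """Requests for executable-looking files under the upload directory that got a 200."""
    recs = filter(None, map(parse_line, lines))
    return [r for r in recs
            if r["path"].startswith(UPLOAD_DIR_URL)
            and EXEC_EXT_RE.search(r["path"]) and r["status"] == "200"]


def correlate(lines):
    """Pair each web-shell hit with the latest earlier upload POST from the same client IP.

    A POST alone is an attempt; a later GET of a .php file from the same IP that
    returned 200 is the strongest log-only evidence that the upload succeeded and
    that the directory executes PHP.
    """
    posts = upload_posts(lines)
    pairs = []
    for hit in webshell_hits(lines):
        prior = [p for p in posts if p["ip"] == hit["ip"] and p["ts"] <= hit["ts"]]
        if prior:
            pairs.append((max(prior, key=lambda p: p["ts"]), hit))
    return pairs


def suspicious_names(names):
    """Filenames from the upload directory that a PHP handler might execute."""
    return sorted(n for n in names if EXEC_EXT_RE.search(n))


def scan_upload_dir(directory):
    """Step 1 on disk: walk the upload directory and return suspect file paths."""
    return suspicious_names(str(p) for p in Path(directory).rglob("*") if p.is_file())


if __name__ == "__main__":
    for post, hit in correlate(SAMPLE_LOG.splitlines()):
        print(f"{hit['ip']}: POST at {post['ts']:%H:%M:%S}, then GET {hit['path']} at {hit['ts']:%H:%M:%S}")
```

Run it against a real log with `correlate(open("/var/log/apache2/access.log").read().splitlines())` and against the directory with `scan_upload_dir("/path/to/syllabusUploads")`. The 404 probe in the sample is deliberately not reported: a request for a file that was never there is a scanner, not a live shell, and a POST with no matching GET is an attempt whose outcome has to be confirmed on disk.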
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
1) Enforce authentication on /assets/changeSllyabus.php with a server-side session check at the top of the script, and authorization as well: only the staff role that is meant to change a syllabus should reach it (the CWE-284 entry above is this missing access check).
2) Validate the filename against an allowlist of safe extensions such as .pdf, .docx and .txt, judged on the last extension only, and reject everything else rather than blocking a list of bad extensions.
3) Validate the content server-side, for example by checking the leading bytes (or PHP's finfo) against the allowlisted type. The Content-Type in the multipart body is supplied by the client and can be set to anything, so it must not be the check.
4) Generate the stored filename on the server (a random name plus the allowlisted extension) instead of reusing the client's name, which can smuggle a second extension, path components or a NUL byte into the path.
5) Store uploads outside the web root and hand them out through a download script, or, if the application must keep /syllabusUploads/ where it is, configure the web server so nothing in that directory is executed: under Apache mod_php, `php_admin_flag engine off` for that directory; under nginx or php-fpm setups, make sure no location block passes files from it to PHP. This step needs no application code change and closes the remote code execution even if a file gets past the other checks.
These steps do not remove anything already uploaded, so follow them with the detection steps above and delete any web shell you find. [1]
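The validation rules in steps 1 to 5 as an added reference implementation, written in Python rather than the project's own PHP because the page carries no code from the product. The allowlist, the magic-byte table, the session check and the storage root /var/lib/school-ms/syllabus are assumptions chosen for the example.

```python
import os
import secrets
from pathlib import PurePosixPath

# Step 2: allowlisted extensions, each with the leading bytes a genuine file of
# that type starts with (step 3, done server-side because the client's
# Content-Type is attacker-controlled). Assumed values for this example.
ALLOWED = {
    "pdf":  ([b"%PDF-"], "application/pdf"),
    "docx": ([b"PK\x03\x04"], "application/vnd.openxmlformats-officedocument.wordprocessingml.document"),
    "txt":  ([], "text/plain"),  # no magic; checked as UTF-8 text below
}

# Step 5: stored outside the web root (assumed path) and served by a download script.
UPLOAD_ROOT = "/var/lib/school-ms/syllabus"


def vet_upload(original_name, data, session_user):
    """Decide whether an uploaded syllabus may be stored, and where.

    Returns a dict with accepted (bool) and reason, plus on acceptance the
    server-chosen stored_name and stored_path, the mime to serve it with,
    and the original display_name.
    """
    # Step 1: the endpoint must not be reachable without a server-side session.
    if not session_user:
        return {"accepted": False, "reason": "authentication required"}

    # Keep only the basename; ../ and drive letters must never reach the filesystem.
    name = PurePosixPath(original_name.replace("\\", "/")).name
    if not name or any(ord(c) < 0x20 for c in name):
        return {"accepted": False, "reason": "invalid filename"}

    # The LAST extension decides: "shell.pdf.php" is .php and is refused,
    # "shell.php.pdf" is .pdf and must then look like a PDF.
    stem, sep, ext = name.rpartition(".")
    ext = ext.lower()
    if not sep or not stem or ext not in ALLOWED:
        return {"accepted": False, "reason": f"extension not allowed: {ext or '(none)'}"}

    # Step 3: content check. This is defence in depth, not the control: a PDF
    # with PHP appended still passes, which is why steps 4 and 5 (server-chosen
    # extension, no execution where the file lands) are what stop code execution.
    magics, mime = ALLOWED[ext]
    if magics and not any(data.startswith(m) for m in magics):
        return {"accepted": False, "reason": "content does not match extension"}
    if ext == "txt":
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return {"accepted": False, "reason": "text file is not UTF-8"}
        if b"\x00" in data:
            return {"accepted": False, "reason": "text file contains NUL"}

    # Step 4: the stored name is chosen here, never taken from the client, so the
    # on-disk extension is always one from ALLOWED and the name is unguessable.
    stored_name = f"{secrets.token_hex(16)}.{ext}"
    return {
        "accepted": True,
        "reason": "ok",
        "stored_name": stored_name,
        "stored_path": os.path.join(UPLOAD_ROOT, stored_name),
        "mime": mime,
        "display_name": name,
    }


if __name__ == "__main__":
    # Constructed inputs: a real-looking PDF, a plain web shell, and a double-extension shell.
    for fname, body in [("math-101.pdf", b"%PDF-1.7\n%...\n"),
                        ("cmd.php", b"<?php system($_GET['c']); ?>"),
                        ("cmd.php.pdf", b"<?php system($_GET['c']); ?>")]:
        print(fname, "->", vet_upload(fname, body, "teacher1")["reason"])
```

The caller writes `data` to `stored_path`, keeps `display_name` and `mime` in the database for the download script, and never lets the browser address the file by its on-disk path. Translating the same rules back into the PHP endpoint is mechanical: session check first, `pathinfo()` for the last extension, `finfo_file()` or a `substr()` magic check, `bin2hex(random_bytes(16))` for the name, and `move_uploaded_file()` to a directory that the web server does not serve.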