CVE-2025-13785
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-30
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yungifez | skuul | to 2.6.5 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the yungifez Skuul School Management System up to version 2.6.5, specifically in the Image Handler component when processing the file /user/profile. It allows an attacker to manipulate this processing remotely, leading to information disclosure.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of information from the system. Since the attack can be performed remotely, it poses a risk of sensitive data exposure without requiring physical access.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70