CVE-2026-5472
Unrestricted File Upload in ProjectsAndPrograms Profile Picture Handler
Publication date: 2026-04-03
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| projectsandprograms | school_management_system | up to and including commit 6b6fae5426044f89c08d0dd101c7fa71f9042a59 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5472 is an unrestricted file upload (CWE-434) in the ProjectsAndPrograms School Management System. The profile picture handler associated with /admin_panel/settings.php does not restrict the type of file that an authenticated user with the Admin or Teacher role can submit as a profile picture.
An attacker holding one of those roles can intercept the upload request and replace the image with a PHP script. Because the file is written to a location the web server will execute, requesting it afterwards runs the attacker's code on the server with the privileges of the web server process.
The flaw is post-authentication: it does not give an outsider a foothold by itself, but it turns any compromised or malicious Admin or Teacher account into remote code execution and, potentially, full compromise of the host.
How can this vulnerability impact me?
The direct impact is remote code execution on the server hosting the application. The uploaded PHP script runs as the web server user, which is normally enough to read the application's source and database credentials, and through them the student, staff and parent records the system holds.
From that position an attacker can exfiltrate or alter data, disrupt the service, or pivot to other systems on the same network. The attacker needs a valid Admin or Teacher login first, so the exposure scales with how many people hold those roles and how well their accounts are protected.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are two angles: confirming the weakness on an instance you are authorized to test, and detecting attempts to exploit it. The request of interest is the HTTP POST that the profile picture form sends to /school-management-system-main/school-management-system-main/assets/updateProfilePic.php.
To confirm the weakness, using a web proxy such as Burp Suite:
- Authenticate as an Admin or Teacher user.
- Intercept the POST request to the profile picture upload endpoint.
- Change the submitted file's extension to .php and its body to a harmless marker script (for example one that only echoes a fixed string), then forward the request. Do not upload a web shell to a production system.
- Check whether the response accepts the file and whether it reveals the path where the file was stored.
- Request the stored file in a browser. If the marker output comes back instead of the raw script text or an error, the server executes uploaded files and the instance is vulnerable. Remove the test file afterwards.
To detect exploitation, review the web server access log for POST requests to updateProfilePic.php followed by requests for files with script extensions (.php, .phtml, .phar and similar) under the upload location, and list the upload directory itself for anything that is not an image.
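The log review described above, as an added example that is not part of this advisory or the vendor's code. It parses combined-format access log lines and flags every upload to the handler path named on this page plus every GET for a script-like file under the upload directory; the upload directory (/assets/uploads/) and the sample log lines are assumptions constructed for the example and must be adjusted to the real deployment.

```python
import re
from urllib.parse import urlsplit

# Handler path taken from the advisory; the upload directory is an ASSUMPTION for this
# example and must be changed to wherever the deployment writes profile pictures.
UPLOAD_HANDLER = "/assets/updateProfilePic.php"
UPLOAD_DIR = "/assets/uploads/"
# Extensions a typical PHP handler configuration will execute.
SCRIPT_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}

# Apache/nginx combined log format: ip ident user [time] "method target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not from any real system): one client uploads a .php
# file and then requests it with a query string, another client uploads a real image.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Apr/2026:10:12:01 +0000] "GET /school-management-system-main/school-management-system-main/admin_panel/settings.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [03/Apr/2026:10:12:09 +0000] "POST /school-management-system-main/school-management-system-main/assets/updateProfilePic.php HTTP/1.1" 200 214 "-" "Mozilla/5.0"
10.0.0.5 - - [03/Apr/2026:10:12:15 +0000] "GET /school-management-system-main/school-management-system-main/assets/uploads/avatar.php?cmd=id HTTP/1.1" 200 88 "-" "Mozilla/5.0"
10.0.0.7 - - [03/Apr/2026:10:13:02 +0000] "POST /school-management-system-main/school-management-system-main/assets/updateProfilePic.php HTTP/1.1" 200 214 "-" "Mozilla/5.0"
10.0.0.7 - - [03/Apr/2026:10:13:08 +0000] "GET /school-management-system-main/school-management-system-main/assets/uploads/photo.jpg HTTP/1.1" 200 40211 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = urlsplit(rec["target"]).path  # drop ?cmd=... query strings
    return rec


def is_script_path(path):
    """True if any dotted suffix of the file name is a PHP-executable extension.
    Every suffix is checked, not only the last one, because some Apache AddHandler
    configurations execute a name like shell.php.jpg as PHP."""
    name = path.rsplit("/", 1)[-1].lower()
    return any(ext in SCRIPT_EXTENSIONS for ext in name.split(".")[1:])


def find_suspicious(log_text):
    """Return findings in log order: every profile picture upload, and every request
    for a script-like file under the upload directory (the post-upload execution step)."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"].endswith(UPLOAD_HANDLER):
            findings.append({"kind": "upload", "ip": rec["ip"], "ts": rec["ts"],
                             "path": rec["path"]})
        elif rec["method"] == "GET" and UPLOAD_DIR in rec["path"] and is_script_path(rec["path"]):
            findings.append({"kind": "script_in_uploads", "ip": rec["ip"], "ts": rec["ts"],
                             "path": rec["path"], "status": rec["status"]})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

Run it against a real log by replacing SAMPLE_LOG with the file contents. A 200 status on a script_in_uploads finding is the signal to treat the host as compromised: the server served or executed a script from the upload location rather than refusing it.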
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps:
- Restrict uploads to an allow-list of image extensions (jpg, jpeg, png, gif) and verify the file's magic bytes on the server; reject everything else, including names with more than one extension such as photo.php.jpg. Do not trust the client-supplied Content-Type.
- Rename accepted files to a server-generated random name whose extension is derived from the detected image type, so the attacker never controls the stored file name.
- Store uploads outside the web root, or disable script execution in the upload directory (for Apache with mod_php, php_admin_flag engine off in that directory's configuration; for nginx, make sure the upload location is never passed to PHP-FPM). This neutralises a bypassed filter.
- Limiting the upload feature to authenticated Admin and Teacher accounts is not a fix, because those are exactly the roles that can exploit the flaw. Instead, keep the number of accounts with those roles to a minimum, audit them, and enforce strong authentication for them.
- Monitor logs for uploads followed by requests to script files, and check the upload directory for files that are not images.
- Apply the vendor's fix as soon as one is available. The affected range is given as a commit hash (up to and including 6b6fae5426044f89c08d0dd101c7fa71f9042a59), so verify that the code you deploy actually changes the upload handler rather than assuming a later checkout is fixed.
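The server-side validation described in the mitigation steps, as an added example that is not the project's own code (the project is written in PHP; the checks are shown here in Python so the logic is easy to read and test). The size cap, the accepted types and the sample inputs are assumptions constructed for the example.

```python
import os
import secrets

MAX_BYTES = 2 * 1024 * 1024  # ASSUMED cap for a profile picture

# Client extensions we accept, normalised to the type name used below.
ALLOWED_EXT = {"jpg": "jpg", "jpeg": "jpg", "png": "png", "gif": "gif"}

# Magic bytes of the accepted image types. The stored extension is derived from the
# sniffed type, never from the client-supplied file name or Content-Type.
MAGIC = (
    (b"\xff\xd8\xff", "jpg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
)


def sniff_image_type(data):
    """Return 'jpg', 'png' or 'gif' from the leading bytes, or None."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None


def validate_profile_picture(client_filename, data):
    """Return (accepted, reason, stored_name).

    The vulnerable handler trusted the client's file name. Here the name is used only
    as a coarse first filter; the content decides, and the stored name is random."""
    if len(data) == 0 or len(data) > MAX_BYTES:
        return False, "bad size", None

    base = os.path.basename(client_filename).lower()
    parts = base.split(".")
    # Exactly one extension from the allow-list. This rejects shell.php, shell.php.jpg,
    # shell.jpg.php and dot-files such as .htaccess in one check.
    if len(parts) != 2 or parts[0] == "" or parts[1] not in ALLOWED_EXT:
        return False, "extension not allowed", None

    sniffed = sniff_image_type(data)
    if sniffed is None:
        return False, "content is not a supported image", None
    if ALLOWED_EXT[parts[1]] != sniffed:
        return False, "extension does not match content", None

    # Defence in depth only: an image with a PHP tag inside is harmless when the upload
    # directory never executes scripts, but there is no reason to keep such a file.
    if b"<?php" in data:
        return False, "embedded script tag", None

    stored = secrets.token_hex(16) + "." + sniffed
    return True, "ok", stored


if __name__ == "__main__":
    # Constructed sample inputs: a minimal PNG header and a PHP payload.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
    for name, blob in [("me.png", png),
                       ("shell.php", b"<?php system($_GET['c']); ?>"),
                       ("shell.php.jpg", png),
                       ("shell.jpg", b"<?php echo 1; ?>")]:
        print(name, validate_profile_picture(name, blob))
```

Pair this with storing the returned name outside the web root (or in a directory where the server has script execution disabled); the validation reduces the attack surface, the storage choice is what makes a bypass harmless.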
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
An Admin or Teacher account that exploits this flaw gains arbitrary code execution on the server and with it access to every record the School Management System stores, including personal data of students, parents and staff.
A compromise of that kind is a personal data breach under GDPR, with its notification duties and its requirement that personal data be protected by appropriate technical measures. HIPAA is relevant only where the deployment handles protected health information, for example student health records; where it does, the same breach obligations apply.
Either way, a known unrestricted-upload flaw left unpatched is hard to reconcile with the "appropriate security" expectations both regimes impose.