CVE-2025-11347 — Improper Access Control in Crud Operation System

CWE-284 — Improper Access Control CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 82.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Crud Operation System Code-projects Student Crud Operation

Timeline

PublishedOct 7

Description

A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5code-projects/student_crud_operation4 versions+3

▶NVDcode-projects/crud_operation_system3.3

🔴Vulnerability Details

GHSA

GHSA-3qw9-vggh-2mf5: A vulnerability was found in code-projects Student Crud Operation up to 3↗2025-10-07

▶

CVEList

code-projects Student Crud Operation Add Student Page/Edit Student add.php move_uploaded_file unrestricted upload↗2025-10-07

▶