CVE-2025-4898

CWE-22 — Path Traversal5 documents4 sources

Severity

5.3MEDIUM

EPSS

0.3%

top 43.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Student Result Management System Munyweki Student Result Management System

Timeline

PublishedMay 18

Latest updateDec 17

Description

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects the function unlink of the file update_system.php of the component Logo File Handler. The manipulation of the argument old_logo leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/student_result_management_system1.0

▶NVDmunyweki/student_result_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-qqv3-3q7q-584r: A vulnerability was found in SourceCodester Student Result Management System 1↗2025-05-19

▶

CVEList

SourceCodester Student Result Management System Logo File update_system.php unlink path traversal↗2025-05-18

▶

💬Community

Bugzilla

CVE-2025-68114 capstone: Capstone: Memory corruption via unchecked vsnprintf return↗2025-12-17

▶

Bugzilla

CVE-2025-67873 capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution.↗2025-12-17

▶