CVE-2025-11660
CVE-2025-11660 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets/uploadSllyabus.php. EPSS estimates a 0.41% chance of exploitation in the next 30 days.
Description
A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets/uploadSllyabus.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Oranbyte | School Management System | 1.0 |
References
- https://github.com/qqy-123/cve/issues/5 (Exploit, Issue Tracking, Third Party Advisory)
- https://vuldb.com/?ctiid.328077 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.328077 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.665610 (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
