CVE-2025-2687

Published: Mar 24, 2025Modified: Mar 27, 2025

5.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Phpgurukul: Elearning System

1 product

Elearning System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpgurukul Elearning System	Version 1.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (5)

https://github.com/ARPANET-cyber/CVE/issues/14

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://phpgurukul.com/

Source: cna@vuldb.com

Product

https://vuldb.com/?ctiid.300708

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.300708

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?submit.521454

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

Timeline

No history available yet.