CVE-2025-56295

Published: Sep 16, 2025Modified: Sep 18, 2025

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Exploitability: 2.1 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions.

Affected (1)

Products: Carmelo: Computer Laboratory System

1 product

Computer Laboratory System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Carmelo Computer Laboratory System	Version 1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (3)

http://code-projects.com

Source: cve@mitre.org

Not Applicable

https://github.com/Chen1-Boop/CVE/blob/main/CVE-2025-56295.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/Chen1-Boop/CVE/blob/main/CVE-2025-56295.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.