File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Code-projects
  • Simple School Management System

Configuration 1 [-]

cpe:2.3:a:code-projects:simple_school_management_system:1.0:*:*:*:*:*:*:*

No data.

References
Link Providers
https://github.com/ss122-0ss/School/blob/main/readme.md cve-icon cve-icon cve-icon
History

Fri, 04 Apr 2025 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects simple School Management System
CPEs cpe:2.3:a:code-projects:simple_school_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Code-projects
Code-projects simple School Management System

Thu, 15 Aug 2024 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-434
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-04-25T00:00:00

Updated: 2024-08-15T15:37:30.411Z

Reserved: 2024-04-05T00:00:00

Link: CVE-2024-31610

cve-icon Vulnrichment

Updated: 2024-08-02T01:59:49.146Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-25T22:15:08.993

Modified: 2025-04-04T14:39:00.233

Link: CVE-2024-31610

cve-icon Redhat

No data.