← Zuruck zu CVEs
CVE-2025-60500
HIGH7.2
Beschreibung
QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a web-accessible directory.
CVE Details
CVSS v3.1 Bewertung7.2
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht10/21/2025
Zuletzt geandert11/17/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
qdocs:smart_school
Schwachen (CWE)
CWE-434
Referenzen
https://github.com/H4zaz/CVE-2025-60500(cve@mitre.org)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.