Unrestricted Upload Vulnerability in Library Management System by Code-Projects
CVE-2025-7190
Key Information:
- Vendor: Code-projects
- CVE Published: 8 July 2025
What is CVE-2025-7190?
A vulnerability affecting Code-Projects' Library Management System version 2.0 has been identified in the file /admin/student_edit_photo.php. This vulnerability allows attackers to manipulate the photo upload argument, leading to unrestricted file uploads. As a result, it may be possible for remote attackers to upload malicious files, potentially compromising the system and its data integrity. The vulnerability has been publicly disclosed, raising concerns over potential exploits.
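The vendor's code is not shown on this page, so the following is an added example and not the project's own handler: a hardened photo upload routine for the class of flaw described above. The function names, the size limit and the storage directory are assumptions.

```php
<?php
declare(strict_types=1);

// Allowlist: content-detected MIME type => extension the server assigns.
const ALLOWED_PHOTO_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_PHOTO_BYTES = 2 * 1024 * 1024; // assumed size limit

// Returns a random, server-chosen file name, or null if the content is rejected.
// The client-supplied file name and Content-Type are never consulted.
function safe_photo_name(string $tmpPath): ?string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_PHOTO_BYTES) {
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    $allowed = ALLOWED_PHOTO_TYPES;
    if (!is_string($mime) || !isset($allowed[$mime])) {
        return null;                       // anything outside the allowlist is refused
    }
    if (@getimagesize($tmpPath) === false) {
        return null;                       // header must also parse as an image
    }
    return bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
}

// Hypothetical handler: $file is one $_FILES entry, $destDir an assumed
// storage directory in which the web server does not execute scripts.
function store_student_photo(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $name = safe_photo_name($file['tmp_name']);
    if ($name === null || !move_uploaded_file($file['tmp_name'], "$destDir/$name")) {
        return null;
    }
    return $name;
}

// Constructed samples (CLI only): a script posing as a photo, and a 1x1 PNG.
if (PHP_SAPI === 'cli') {
    $script = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($script, "<?php echo 'constructed sample'; ?>\n");
    $png = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($png, base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='));
    var_dump(safe_photo_name($script), safe_photo_name($png));
    unlink($script);
    unlink($png);
}
```

Content checks alone do not stop a valid image that also carries script text; the server-assigned extension and a storage directory with script execution disabled are what keep such a file inert.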
Affected Version(s)
Library Management System 2.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved