一、 漏洞 CVE-2025-11347 基础信息
漏洞信息
                                        # 添加学生页面上传漏洞

## 概述

在 code-projects Student Crud Operation 3.3 及之前版本中发现一个漏洞,影响“添加学生页面”和“编辑学生页面”功能。

## 影响版本

- code-projects Student Crud Operation ≤ 3.3

## 细节

- 漏洞存在于 `add.php` 文件的 `move_uploaded_file` 函数中。
- 由于未对上传文件进行充分限制,攻击者可执行文件上传操作。
- 漏洞允许攻击者通过上传恶意文件操控系统。

## 影响

- 攻击者可远程发起攻击。
- 漏洞可能导致任意文件上传,进而引发远程代码执行等安全问题。
- 该漏洞的 exploit 已公开,存在被利用的风险。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
code-projects Student Crud Operation Add Student Page/Edit Student add.php move_uploaded_file unrestricted upload
来源:美国国家漏洞数据库 NVD
漏洞描述信息
A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
来源:美国国家漏洞数据库 NVD
漏洞类别
危险类型文件的不加限制上传
来源:美国国家漏洞数据库 NVD
二、漏洞 CVE-2025-11347 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2025-11347 的情报信息

  • 标题: vulndb.com/Student-Registration-Crud-Operation Unauthenticated Arbitrary File Upload leads to Remote Code Execution at main · romatdibrohiksnov/vulndb.com · GitHub -- 🔗来源链接

    标签: exploit

    vulndb.com/Student-Registration-Crud-Operation Unauthenticated Arbitrary File Upload leads to Remote Code Execution at main · romatdibrohiksnov/vulndb.com · GitHub

  • 标题: Download Free Open Source Projects | PHP, C++ | Source code & Projects -- 🔗来源链接

    标签: product

    神龙速读
    Download Free Open Source Projects | PHP, C++ | Source code & Projects

  • 标题: Login required -- 🔗来源链接

    标签: signature permissions-required

    Login required

  • 标题: Submit #664897: code-projects Student Crud Operation In PHP V3.3 Remote Code Execution (via Arbitrary File Upload) -- 🔗来源链接

    标签: third-party-advisory

    Submit #664897: code-projects Student Crud Operation In PHP V3.3 Remote Code Execution (via Arbitrary File Upload)

  • 标题: CVE-2025-11347 code-projects Student Crud Operation Add Student Page/Edit Student add.php move_uploaded_file unrestricted upload -- 🔗来源链接

    标签: vdb-entry technical-description

    CVE-2025-11347 code-projects Student Crud Operation Add Student Page/Edit Student add.php move_uploaded_file unrestricted upload
  • https://nvd.nist.gov/vuln/detail/CVE-2025-11347
四、漏洞 CVE-2025-11347 的评论

暂无评论

发表评论