| Title | ProjectsAndPrograms school-management-system 1 File Upload / RCE |
|---|
| Description | An authenticated file upload vulnerability exists in the School Management System that allows users with Admin or Teacher roles to upload arbitrary files, which can be executed on the server, leading to Remote Code Execution (RCE). |
|---|
| Source | ⚠️ https://github.com/sudo-secure/security-research/blob/main/school-management-system/file-upload-rce/PoC.md |
|---|
| User | sudosme (UID 96548) |
|---|
| Submission | 03/17/2026 16:23 (18 days ago) |
|---|
| Moderation | 04/03/2026 09:40 (17 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 355076 [ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59 Profile Picture settings.php File unrestricted upload] |
|---|
| Points | 16 |
|---|