CVE-2025-60500_CVE-2025-60500

7.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a web-accessible directory.

Basic Information

ID CVE-2025-60500

Source mitre

Published Oct 21, 2025 at 00:00

Modified Oct 21, 2025 at 18:32

Affected Product

Vendor n/a

Product n/a

Version n/a

Affected Versions n/a n/a n/a

CWE Classification

CWE-434

References

github.com /H4zaz/CVE-2025-60500

{
    "lastseen": "",
    "description": "QDocs Smart School Management System 7.1 allows authenticated users with roles such as \"accountant\" or \"admin\" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a web-accessible directory.",
    "published": "2025-10-21T00:00:00.000Z",
    "modified": "2025-10-21T18:32:03.266Z",
    "type": "cve",
    "title": "CVE-2025-60500",
    "source": "mitre",
    "references": "https://github.com/H4zaz/CVE-2025-60500",
    "id": "CVE-2025-60500",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "n/a",
    "version": "n/a",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}