ProjectsAndPrograms School Management System Profile Picture settings.php unrestricted upload

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /admin_panel/settings.php of the component Profile Picture Handler. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

Basic Information

ID CVE-2026-5472

Source VulDB

Published Apr 3, 2026 at 16:00

Modified Apr 3, 2026 at 17:27

Affected Product

Vendor ProjectsAndPrograms

Product School Management System

Version 6b6fae5426044f89c08d0dd101c7fa71f9042a59

Affected Versions ProjectsAndPrograms School Management System 6b6fae5426044f89c08d0dd101c7fa71f9042a59

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /admin_panel/settings.php of the component Profile Picture Handler. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.",
    "published": "2026-04-03T16:00:17.480Z",
    "modified": "2026-04-03T17:27:56.665Z",
    "type": "cve",
    "title": "ProjectsAndPrograms School Management System Profile Picture settings.php unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/355076\nhttps://vuldb.com/vuln/355076/cti\nhttps://vuldb.com/submit/781791\nhttps://github.com/sudo-secure/security-research/blob/main/school-management-system/file-upload-rce/PoC.md",
    "id": "CVE-2026-5472",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "ProjectsAndPrograms School Management System 6b6fae5426044f89c08d0dd101c7fa71f9042a59",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "School Management System",
    "version": "6b6fae5426044f89c08d0dd101c7fa71f9042a59",
    "vendor": "ProjectsAndPrograms",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

ProjectsAndPrograms School Management System Profile Picture settings.php unrestricted upload_CVE-2026-5472