CVE Details
Basic Information
| Title | code-projects Staff Audit System test.php unrestricted upload |
|---|---|
| Type | cve |
| Published | 2025-07-08T14:02:05.702Z |
| Modified | 2025-07-08T14:02:05.702Z |
Product Information
| Vendor | code-projects |
|---|---|
| Product | Staff Audit System |
| Version | 1.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A critical vulnerability in code-projects Staff Audit System 1.0 allows unrestricted file uploads via the test.php file. This could enable remote attackers to upload malicious files, potentially leading to code execution. The issue has been publicly disclosed. |
|---|---|
| AI Severity | Medium |
| AI Vendor | code-projects |
| AI Product | Staff Audit System |
| AI Version | 1.0 |
| AI Score | 5.3 |
Affected Products
- code-projects Staff Audit System 1.0
Additional Information
| CWE List | CWE-434, CWE-284 |
|---|---|
| Source | VulDB |
Description
A vulnerability, which was classified as critical, was found in code-projects Staff Audit System 1.0. Affected is an unknown function of the file /test.php. The manipulation of the argument uploadedfile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.