CVE-2025-4720

MEDIUM

Munyweki Student Result Management System - Path Traversal

Title source: rule

Description

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file academic/core/drop_student.php. The manipulation of the argument img leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WRITEUP

by Xmyronn · poc

https://github.com/Xmyronn/duplicate-CVE-2025-4720-

View Code ZIP pw:eip

References (5)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/Xiaoyi-ing/CVE/issues/4

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.309022

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.309022

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.569855

[Product] https://www.sourcecodester.com/

Scores

CVSS v3 5.4

EPSS 0.0036

EPSS Percentile 58.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Details

CWE

CWE-22

Status published

Products (1)

munyweki/student_result_management_system 1.0

Published May 15, 2025

Tracked Since Feb 18, 2026