CVE-2025-4720

MEDIUM

SourceCodester Student Result Management System 1.0 - Path Traversal via academic/core/drop_student.php img Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-4720. PoCs published by Xmyronn.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-4720, a path traversal vulnerability in SourceCodester SRMS 1.0. It includes vulnerable code snippets, proof-of-concept steps, and impact assessment, but does not contain functional exploit code.

Description

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file academic/core/drop_student.php. The manipulation of the argument img leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WRITEUP

by Xmyronn · poc

https://github.com/Xmyronn/duplicate-CVE-2025-4720-

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2025-4720, a path traversal vulnerability in SourceCodester SRMS 1.0. It includes vulnerable code snippets, proof-of-concept steps, and impact assessment, but does not contain functional exploit code.

Classification

Writeup 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: SourceCodester Student Result Management System (SRMS) 1.0

No auth needed

Prerequisites: access to the vulnerable endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Apr 13, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.309022

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.309022

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.569855

Exploit, Issue Tracking, Third Party Advisory exploit issue-tracking

https://github.com/Xiaoyi-ing/CVE/issues/4

Product product

https://www.sourcecodester.com/

Scores

CVSS v3 5.4

EPSS 0.0049

EPSS Percentile 37.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

munyweki/student_result_management_system 1.0

Published May 15, 2025

Tracked Since Feb 18, 2026