CVE-2025-56295

HIGH

Computer Laboratory System 1.0 - Authenticated Arbitrary File Upload via Avatar Modification


Description

code-projects Computer Laboratory System 1.0 has a file upload vulnerability. When modifying their personal avatar information, staff users can upload PHP backdoor files and then use web shell connection tools to obtain server permissions.

Scores

CVSS v3: 7.3
EPSS: 0.0031
EPSS Percentile: 22.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-434
Status: published
Products (1): carmelo/computer_laboratory_system 1.0
Published: Sep 16, 2025
Tracked Since: Feb 18, 2026