CNNVD-202509-2307 Information

CNNVD ID

CNNVD-202509-2307

Related CVE

CVE-2025-56263

• CNNVD Published: 2025-09-16

Description (Chinese)

sms是Jeffrey个人开发者的一个学生成绩管理系统。 sms 1.0版本存在安全漏洞，该漏洞源于/api/sms/upload/headImg端点允许上传任意文件，可能导致任意文件上传攻击。

Description (English)

The sms are a student achievement management system for Jeffrey’s personal developer. Release 1.0 of sms has a security loophole, which originates from/api/sms/upload/headImg endpoint allowing the uploading of arbitrary documents, which may lead to an attack on the uploading of any document.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-09-16

Last Modified

2026-02-24

References

https://github.com/by-night/sms/issues/50 https://github.com/echo0d/vulnerability/blob/main/by-night_sms/fileUpload.md