CNNVD-202509-3207 Information

CNNVD ID

CNNVD-202509-3207

Related CVE

CVE-2025-10763

• CNNVD Published: 2025-09-21

Description (Chinese)

Academico是Academico开源的一个基于Lavarel的中小学学校管理平台。 Academico存在代码问题漏洞，该漏洞源于文件/edit-photo功能存在上传限制缺失，可能导致远程上传攻击。

Description (English)

Academico is an open-source Academico-based primary and secondary school management platform based on Lavarel. Academico has a code loophole, which stems from the lack of upload restrictions for the file/edit-photo function, which could lead to a remote upload attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Academico

Published

2025-09-21

Last Modified

2026-02-24

References

https://vuldb.com/?id.325118 https://vuldb.com/?ctiid.325118 https://vuldb.com/?submit.646915 https://gist.github.com/KhanMarshaI/86d0c1553355bb168084fffbdb6e7fea https://access.redhat.com/security/cve/cve-2025-10763