Hzmanyun Education and Training System Unrestricted File Upload Vulnerability

Vulnerability

A critical vulnerability allowing unrestricted file uploads has been identified in the Hzmanyun Education and Training System version 3.1.1. The issue arises in the 'saveImage' function, where improper handling of the 'file' argument enables remote attackers to upload potentially malicious files.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which could be used to upload malicious scripts or files that could be executed on the server, leading to various types of attacks such as remote code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.0

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.0

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hzmanyun Education and Training System Unrestricted File Upload Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating