Code-Projects Computer Laboratory System File Upload Vulnerability Allowing PHP Backdoor Execution
Vulnerability
A file upload vulnerability has been identified in Code-Projects Computer Laboratory System version 1.0. An authenticated staff user can upload a malicious PHP file in place of an image when changing their avatar. Once uploaded, the file can be executed as a web shell to gain unauthorized access to the server.
Impact
Exploitation of this vulnerability allows for remote code execution on the server, with the uploaded PHP backdoor being executed as a web shell.
Reproduction
To reproduce this vulnerability, log into the system and navigate to the avatar change feature. Upload a malicious file named 'cmd.php' as an avatar. After the file is uploaded, use a web shell connection tool, such as AntSword, to connect to the server. Once connected, the server can be controlled remotely.
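The avatar handler described above accepts the file a staff user submits as-is. As an added example, not code from Code-Projects or the Computer Laboratory System, this hardened PHP handler sniffs the real MIME type, fully decodes the image, and stores it under a server-chosen name outside the web root; the AVATAR_DIR path and the 'avatar' form field are assumed.

```php
<?php
// Added example, not the Computer Laboratory System's own code; AVATAR_DIR and the
// 'avatar' form field are assumed. Requires the fileinfo and gd extensions.
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
const MAX_BYTES  = 2 * 1024 * 1024;                    // 2 MiB cap on avatar size
const AVATAR_DIR = __DIR__ . '/../storage/avatars';    // assumed: outside the web root

// Returns the extension the server will use, or throws if the upload is not a real image.
function validate_avatar(array $file): string {
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('Avatar exceeds size limit');
    }
    // Never trust $_FILES['type'] or the client-supplied filename; sniff the bytes instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('Unsupported image type: ' . $mime);
    }
    // Fully decoding the image rejects files that only carry a forged image header.
    if (@imagecreatefromstring(file_get_contents($file['tmp_name'])) === false) {
        throw new RuntimeException('File is not a decodable image');
    }
    return ALLOWED_TYPES[$mime];
}

// Stores the avatar under a server-chosen random name, so a name like 'cmd.php' never reaches disk.
function store_avatar(array $file): string {
    $ext  = validate_avatar($file);
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], AVATAR_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store avatar');
    }
    return $name; // record in the user's row; serve through a read-only handler, not directly
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['avatar'])) {
    try {
        echo 'Avatar updated: ' . htmlspecialchars(store_avatar($_FILES['avatar']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

Because the stored file keeps an image extension and lives outside the document root, even a polyglot that passes decoding is never handed to the PHP interpreter.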
