code-projects Online Examination System Unrestricted File Upload Vulnerability in admin_pic.php

Vulnerability

A vulnerability allowing unrestricted file uploads has been identified in code-projects Online Examination System version 1.0. The issue resides in the file admin_pic.php, where the 'Change Picture' feature fails to restrict file types, enabling remote upload of malicious files, such as PHP web shells, which can lead to unauthorized code execution.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where the application is hosted.

Reproduction

To reproduce this vulnerability, open the 'Change Picture' feature, whose upload request is handled by admin_pic.php. Because the handler does not restrict file types, upload a PHP file containing a web shell. Once uploaded, the web shell can be executed to gain remote code execution on the server.
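The root cause described above is a picture upload handler that accepts any file type and keeps the client-supplied name, so a .php file lands in a web-served directory. The following is an added remediation example written for this advisory; it is not code from code-projects Online Examination System, and the form field name admin_pic, the upload directory, the 2 MiB limit, the session key admin_id and the use of the GD extension are all assumptions. It shows the checks a hardened 'Change Picture' handler needs: the file is identified from its bytes rather than its name or Content-Type header, only JPEG/PNG/GIF are accepted, the server chooses the filename and extension itself, and the image is re-encoded so that anything appended after a valid image header is discarded.

```php
<?php
// Added example for this advisory (not the project's own admin_pic.php).
// Assumptions: form field "admin_pic", upload directory below, GD installed.
declare(strict_types=1);

const UPLOAD_DIR      = __DIR__ . '/../uploads/admin_pics'; // assumed; prefer a directory outside the web root
const MAX_UPLOAD_SIZE = 2 * 1024 * 1024;                     // assumed 2 MiB limit

// Accepted types, keyed by the MIME type detected from file CONTENT and
// mapped to the extension the server assigns. The client's filename and
// Content-Type are never used for this decision.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Validates one entry of $_FILES and returns the server-chosen extension.
function validate_picture_upload(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file sent.');
    }
    if ($file['size'] > MAX_UPLOAD_SIZE) {
        throw new RuntimeException('File too large.');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not a genuine uploaded file.');
    }
    // Content sniffing: a "shell.php" or "shell.jpg.php" is rejected here
    // regardless of what the browser claimed.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted.');
    }
    return ALLOWED_TYPES[$mime];
}

// Stores the validated upload under a random, server-generated name and
// returns that name for the caller to persist against the admin record.
function store_picture(array $file, int $adminId): string
{
    $ext = validate_picture_upload($file);

    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('Cannot create upload directory.');
    }
    // No user input reaches the filesystem path: fixed directory, random name,
    // extension taken from the detected type.
    $name = sprintf('%d_%s.%s', $adminId, bin2hex(random_bytes(16)), $ext);
    $dest = UPLOAD_DIR . '/' . $name;

    // Re-encode through GD: the output contains only pixel data, so a polyglot
    // with PHP code appended after a valid image header does not survive.
    $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('File is not a decodable image.');
    }
    $ok = match ($ext) {
        'jpg' => imagejpeg($img, $dest, 90),
        'png' => imagepng($img, $dest),
        'gif' => imagegif($img, $dest),
    };
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('Could not write image.');
    }
    chmod($dest, 0640); // readable by the web server, never executable
    return $name;
}

// Request handling; assumes the logged-in admin's id is in $_SESSION['admin_id'].
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['admin_pic'])) {
    session_start();
    if (empty($_SESSION['admin_id'])) {
        http_response_code(403);
        exit('Login required.');
    }
    try {
        $stored = store_picture($_FILES['admin_pic'], (int) $_SESSION['admin_id']);
        // Persist $stored in the admin's database row here (DB step omitted).
        echo 'Picture updated.';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

As defense in depth, the upload directory should additionally be configured so the web server never executes scripts from it (for Apache, `php_admin_flag engine off` in that directory's configuration; for nginx, a location block that serves the directory as static files only), so that even a future validation bypass cannot turn a stored file into executable code.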

Added: Jan 26, 2026, 7:19 AM
Updated: Jan 26, 2026, 3:41 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.2
remediation: 0.0
relevance: 2.3
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.