CVE-2026-5472

MEDIUM 6.3

ProjectsAndPrograms School Management System Profile Picture settings.php unrestricted upload

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /admin_panel/settings.php of the component Profile Picture Handler. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

CWE	CWE-434 CWE-284
Vendor	projectsandprograms
Product	school management system
Published	Apr 3, 2026
Last Updated	Apr 3, 2026

Stay Ahead of the Next One

Get instant alerts for projectsandprograms school management system

Be the first to know when new medium vulnerabilities affecting projectsandprograms school management system are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

ProjectsAndPrograms / School Management System

6b6fae5426044f89c08d0dd101c7fa71f9042a59

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/355076 vuldb.com: https://vuldb.com/vuln/355076/cti vuldb.com: https://vuldb.com/submit/781791 github.com: https://github.com/sudo-secure/security-research/blob/main/school-management-system/file-upload-rce/PoC.md

Credits

🔍 sudosme (VulDB User)