CVE-2025-4898

MEDIUM Year: 2025
CVSS v3 Score
5.4
Medium
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects the function unlink of the file update_system.php of the component Logo File Handler. The manipulation of the argument old_logo leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2018-14654

MEDIUM
CVSS:5.4(Medium)

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_...

CWE-222018

CVE-2019-14362

MEDIUM
CVSS:5.4(Medium)

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewA...

CWE-222019

CVE-2019-5936

MEDIUM
CVSS:5.4(Medium)

Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.

CWE-222019

CVE-2020-15941

MEDIUM
CVSS:5.4(Medium)

A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete ...

CWE-222020

CVE-2020-4209

MEDIUM
CVSS:5.4(Medium)

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc...

CWE-222020

CVE-2021-25367

MEDIUM
CVSS:5.4(Medium)

Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.

CWE-222021