EUVD-2026-19398

A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function moveuploadedfile of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the argument File results in unrestricted upload. Th...

CVE-2026-5670

A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function moveuploadedfile of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the argument File results in unrestricted upload. Th...

CVE-2026-5670 Cyber-III Student-Management-System upload.php move_uploaded_file unrestricted upload

A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function moveuploadedfile of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the argument File results in unrestricted upload. Th...

EUVD-2025-32611

A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function moveuploadedfile of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated...

CVE-2025-11347

A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function moveuploadedfile of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated...

CVE-2025-11347 code-projects Student Crud Operation Add Student Page/Edit Student add.php move_uploaded_file unrestricted upload

A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function moveuploadedfile of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated...

Code-Projects Student Crud Operation 代码问题漏洞

Code-Projects Student Crud Operation is a Code-Projects open source student information system. A code issue vulnerability exists in Code-Projects Student Crud Operation version 3.3 and earlier, which stems from improper manipulation of the moveuploadedfile function in the file add.php, which can...

WWBN AVideo import.json.php temporary copy unrestricted php file upload vulnerability

Talos Vulnerability Report TALOS-2023-1885 WWBN AVideo import.json.php temporary copy unrestricted php file upload vulnerability January 10, 2024 CVE Number CVE-2023-49715 SUMMARY A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVide...

CVE-2021-26610

The moveuploadedfile function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code...

CVE-2020-20979

An arbitrary file upload vulnerability in the moveuploadedfile function of LJCMS v4.3 allows attackers to execute arbitrary code...

php: move_uploaded_file() NUL byte injection in file name

It was found that PHP moveuploadedfile function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

PHP move_uploaded_file implementation securely bypasses file creation vulnerability

PHP is a popular programming language. The moveuploadedfile implementation in PHP ext/standard/basicfunctions.c fails to properly handle the \x00 character in pathnames, allowing remote attackers to bypass extension limits and create files using special parameters...