3 matches found
CVE-2025-8433
CVE-2025-8433 affects code-projects Document Management System 1.0 in the dell.php unlink function. The issue arises from manipulating the ID argument, enabling path traversal via the which parameter and potentially allowing deletion of arbitrary server files. Exploitation has been publicly discl...
CVE-2025-8171
The connected records provide concrete details for CVE-2025-8171 in code-projects Document Management System 1.0. The issue resides in the /insert.php endpoint where manipulation of the uploaded_file argument leads to unrestricted file uploads, enabling remote initiation of an attack. Multiple so...
CVE-2025-56289
CVE-2025-56289 affects Code-Projects Document Management System v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by failure to filter yet in the Company field during file uploads, allowing an attacker to exfiltrate the administrator’s cookies. Reported impact is limited to cook...