Skip to main content
CVE-2025-15050 LOW POC Monitor

Unauthenticated file upload vulnerability in code-projects Student File Management System 1.0 allows authenticated remote attackers to bypass file upload restrictions via manipulation of the File parameter in /save_file.php, despite the CVSS v4.0 score of 2.1 reflecting only low confidentiality, integrity, and availability impact with no scope change. The exploit is publicly available and the low EPSS score (0.09%, 25th percentile) suggests limited real-world exploitation attempts despite public disclosure.

PHP Authentication Bypass File Upload Student File Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-15052 LOW POC Monitor

Cross-site scripting (XSS) via unsanitized firstname and lastname parameters in /profile.php of code-projects Student Information System 1.0 allows authenticated remote attackers with user interaction to inject malicious scripts affecting confidentiality. The vulnerability carries a low CVSS score (2.0) due to authentication and user interaction requirements, but publicly available exploit code exists and EPSS analysis assigns 0.06% exploitation probability, reflecting limited real-world attack likelihood despite public POC availability.

PHP XSS Student Information System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-68585 LOW Monitor

Missing Authorization vulnerability in Ben Balter WP Document Revisions wp-document-revisions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Document Revisions: from n/a through <= 3.7.2.

Authentication Bypass
NVD
CVSS 3.1
2.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy