EUVD-2025-18924
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4Description
PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-teacher-pic.php.
Analysis
PHPGurukul Pre-School Enrollment System v1.0 contains a directory traversal vulnerability in the update-teacher-pic.php endpoint that allows unauthenticated remote attackers to read arbitrary files from the server with high confidence. An attacker can exploit this network-accessible vulnerability without any privileges or user interaction to disclose sensitive files, potentially exposing database credentials, configuration files, or other system information. The high CVSS score of 7.5 reflects the ease of exploitation (network-accessible, low complexity, no authentication required) and significant confidentiality impact, though this vulnerability does not permit file modification or denial of service.
Technical Context
The vulnerability exists in a PHP application's file upload/update functionality (update-teacher-pic.php) that fails to properly sanitize user-supplied input for directory traversal sequences such as '../' or URL-encoded variants like '%2e%2e%2f'. This is a classic CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) vulnerability where path traversal filters are either absent or bypassable. PHPGurukul Pre-School Enrollment System is a PHP-based educational management system; the vulnerable endpoint likely processes teacher profile picture updates but does not validate that the resulting file path remains within the intended upload directory. An attacker can inject path traversal sequences into file parameters to access files outside the web root, including /etc/passwd, configuration files (config.php, database.yml), or other sensitive system files readable by the web server process.
Affected Products
PHPGurukul Pre-School Enrollment System version 1.0 and likely earlier versions. The specific vulnerable component is the 'update-teacher-pic.php' file. CPE identifiers for this product are not provided in the source data, but the affected software would be identified as: Software: PHPGurukul Pre-School Enrollment System, Vendor: PHPGurukul, Version: 1.0, Type: PHP Web Application. Affected installations include any deployment of this system version accessible via HTTP/HTTPS. No vendor advisory links or official patch references are provided in the available intelligence.
Remediation
Immediate remediation steps: (1) Implement strict input validation on the file parameter in update-teacher-pic.php by using basename() to extract only the filename component and rejecting any input containing '../', '..\', percent-encoded variants (%2e, %2f, %5c), or other path traversal sequences; (2) Enforce a whitelist of allowed file extensions and MIME types; (3) Store uploaded files outside the web root or in a dedicated uploads directory with restricted execution permissions; (4) Use a fixed, randomized filename pattern rather than user-supplied input; (5) Implement authentication and authorization checks to ensure only authorized users can access this endpoint; (6) Check PHPGurukul project repositories (GitHub, SourceForge) for patched versions beyond 1.0; (7) As a temporary workaround, implement Web Application Firewall (WAF) rules to block requests containing '../' sequences to update-teacher-pic.php; (8) Audit access logs for evidence of exploitation. Ideally, upgrade to a patched version if available or switch to actively maintained educational management systems.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today