CVE-2025-1555 | hzmanyun Education and Training System 3.1.1 saveImage file unrestricted upload

Posted by Angelo Barbosa | Feb 21, 2025 | CVE

A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. This vulnerability affects the function saveImage. The manipulation of the argument file leads to unrestricted upload.

This vulnerability was named CVE-2025-1555. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1555 | hzmanyun Education and Training System 3.1.1 saveImage file unrestricted upload

Related Posts

CVE-2024-7154 | TOTOLINK A3700R 9.1.2u.5822_B20200513 Password Reset /wizard.html access control

CVE-2024-33807 | campcodes Complete Web-Based School Management System 1.0 get_teacher_timetable.php grade sql injection

CVE-2024-1132 | Keycloak URL redirect

CVE-2025-24964 | vitest-dev vitest up to 0.0.125/1.6.0/2.1.8/3.0.4 API Server missing origin validation in websockets (GHSA-9crc-q9x8-hgqq)