CVE-2025-50349

7.5 HIGH

📋 TL;DR

PHPGurukul Pre-School Enrollment System V1.0 contains a directory traversal vulnerability in update-teacher-pic.php that allows attackers to read arbitrary files on the server. This affects all installations of this specific version of the software. Attackers can potentially access sensitive configuration files, source code, or other protected data.

💻 Affected Systems

Products:
  • PHPGurukul Pre-School Enrollment System Project
Versions: V1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects version 1.0 of this specific software. Requires the vulnerable file to be accessible via web.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full server compromise through reading sensitive files like configuration files containing database credentials, followed by database access and potential lateral movement.

🟠 Likely Case: Information disclosure of sensitive files including configuration files, source code, or user data stored on the server.

🟢 If Mitigated: Limited impact with proper file permissions and web server configuration restricting access to sensitive directories.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal vulnerabilities are typically easy to exploit with simple path traversal sequences such as ../../../etc/passwd.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

1. Check for official patch from PHPGurukul
2. If no patch available, implement workarounds
3. Consider replacing with alternative software

🔧 Temporary Workarounds

Input Validation and Sanitization

all

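Add proper input validation to update-teacher-pic.php to filter out directory traversal sequences.

Modify update-teacher-pic.php to validate file paths and reject any that contain ../ or similar traversal sequences. String filtering alone is fragile, so combine it with the directory restriction described under File Access Restriction.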

File Access Restriction

all

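Restrict file operations to specific directories using basename() or realpath() validation.

Implement path normalization and restrict file access to specific allowed directories only: resolve the requested path first, then confirm that the resolved path is still inside the allowed directory before opening the file.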

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block directory traversal patterns
  • Restrict access to update-teacher-pic.php using authentication or IP whitelisting

🔍 How to Verify

Check if Vulnerable:

Test by accessing update-teacher-pic.php with traversal payloads like ?file=../../../etc/passwd

Check Version:

Check software version in admin panel or readme files

Verify Fix Applied:

Attempt exploitation with the same payloads after implementing fixes. The request should return an error or a sanitized path.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to update-teacher-pic.php containing ../ sequences
  • Unusual file access patterns in web server logs

Network Indicators:

  • HTTP requests with directory traversal payloads in URL parameters

SIEM Query:

source="web_server_logs" AND (url="*update-teacher-pic.php*" AND (url="*../*" OR url="*..\\*"))
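
The log indicators above, applied to access-log lines (an added example, not part of the original advisory or of PHPGurukul's code). It goes beyond the wildcard query by percent-decoding the URI before matching, so encoded and double-encoded traversal sequences are caught too. Assumptions: Combined Log Format, the script served from the web root, the `file` parameter taken from the verification step on this page, and constructed sample lines using documentation IP ranges.

```python
import re
from urllib.parse import unquote

TARGET = "update-teacher-pic.php"  # script named in the advisory

# Combined Log Format (assumed): client IP ... "METHOD URI PROTOCOL" STATUS ...
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')
# ".." used as a whole path segment, with / or \ separators, after decoding
TRAVERSAL_RE = re.compile(r'(^|[/\\=&?])\.\.([/\\]|$)')

def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e%2f and %252e%252e%252f both normalise."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def find_traversal_hits(lines):
    """Return one dict per request to TARGET whose decoded URI contains traversal."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        uri = fully_decode(m.group("uri"))
        if TARGET in uri.lower() and TRAVERSAL_RE.search(uri):
            hits.append({"ip": m.group("ip"),
                         "status": int(m.group("status")),
                         "uri": uri})
    return hits

# Constructed sample log lines (not real traffic).
TS = "[12/Aug/2025:10:01:02 +0000]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {TS} "GET /update-teacher-pic.php?file=../../../etc/passwd HTTP/1.1" 200 1843',
    f'203.0.113.7 - - {TS} "GET /update-teacher-pic.php?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843',
    f'198.51.100.23 - - {TS} "GET /update-teacher-pic.php?file=%252e%252e%252fconfig.php HTTP/1.1" 404 512',
    f'198.51.100.23 - - {TS} "GET /update-teacher-pic.php?file=..%5c..%5cconfig.php HTTP/1.1" 403 199',
    f'192.0.2.10 - - {TS} "GET /update-teacher-pic.php?file=photo..final.jpg HTTP/1.1" 200 5120',
    f'192.0.2.10 - - {TS} "GET /index.php?page=../about HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in find_traversal_hits(SAMPLE_LOG):
        print(hit["ip"], hit["status"], hit["uri"])
```

Hits that returned status 200 deserve priority in triage, since the response size can then be compared against a normal response from the same script.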
