CVE-2025-56295

7.3 HIGH

📋 TL;DR

Computer Laboratory System 1.0 has an unrestricted file upload vulnerability that allows authenticated staff users to upload PHP backdoor files through the avatar modification feature. This enables attackers to execute arbitrary code and gain server control. Only systems running this specific software version are affected.

💻 Affected Systems

Products:
  • Computer Laboratory System
Versions: 1.0
Operating Systems: Any OS running PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: Requires staff-level authentication; PHP file execution must be enabled on server

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full server compromise leading to data theft, ransomware deployment, or use as an attack launchpad

🟠 Likely Case: Web shell installation allowing persistent access, data exfiltration, and lateral movement

🟢 If Mitigated: Limited impact with proper file upload restrictions and web application firewalls

🌐 Internet-Facing: HIGH - Web-accessible interface allows remote exploitation
🏢 Internal Only: MEDIUM - Requires staff credentials but internal attackers could exploit

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires staff credentials; GitHub repository contains proof-of-concept

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://code-projects.com

Restart Required: No

Instructions:

No official patch is available. Upgrade to a newer version if one exists, or apply the workarounds below.

🔧 Temporary Workarounds

Restrict File Upload Extensions

Applies to: all

Configure the web server so that PHP files written to the avatar upload directory are never executed, even if an upload check is bypassed

# In .htaccess for Apache, placed in the avatar upload directory only
# (site-wide it would also stop the application's own PHP from running):
<FilesMatch "\.(php|php5|php7|phtml)$">
    # Apache 2.2 style; on Apache 2.4 without mod_access_compat use
    # "Require all denied" instead of the two lines below
    Order Allow,Deny
    Deny from all
</FilesMatch>
# In nginx config, scoped to the upload directory (/uploads/avatars/ is a
# placeholder for the application's real upload path). Regex locations
# match in file order, so this must come before the general \.php$ block
# that hands requests to PHP-FPM:
location ~ ^/uploads/avatars/.*\.php$ {
    deny all;
}

Implement File Type Validation

Applies to: all

Add server-side validation that only allows image file types (jpg, png, gif), based on the uploaded content rather than on anything the client sends

# Example PHP validation. Inspect the bytes on disk with finfo rather than
# $_FILES['avatar']['type'], which is supplied by the client and can be set
# to any value:
$allowed_types = ['image/jpeg', 'image/png', 'image/gif'];
$finfo = new finfo(FILEINFO_MIME_TYPE);
$detected = $finfo->file($_FILES['avatar']['tmp_name']);
if (!in_array($detected, $allowed_types, true)) {
    die('Invalid file type');
}
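
The validation above only rejects the file; a complete handler also has to control the stored name and extension and keep the result out of any executable directory. The following is an added example of such a handler, not code from the Computer Laboratory System or its vendor; it assumes the form field is named "avatar" as in the advisory, and AVATAR_DIR is a placeholder for a directory covered by the web server rule in the previous workaround.

```php
<?php
// Added example (not the Computer Laboratory System's code): a hardened avatar
// upload handler. Assumes the form field is "avatar" as in the advisory;
// AVATAR_DIR is a placeholder for a directory the web server never executes
// PHP from (see the .htaccess / nginx workaround above).
declare(strict_types=1);

const AVATAR_DIR = '/var/www/uploads/avatars';   // placeholder path
const MAX_BYTES  = 2 * 1024 * 1024;
// sniffed MIME type => the only extension we will ever write for it
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_avatar(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('rejected upload');
    }
    // 1. Decide the type from the bytes, ignoring the client-supplied
    //    $file['type'] and the original filename entirely.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('not an allowed image type');
    }
    // 2. It must also parse as an image of that same type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || image_type_to_mime_type($info[2]) !== $mime) {
        throw new RuntimeException('image header mismatch');
    }
    // 3. Server-chosen name and extension, so no user-controlled "x.php",
    //    "x.php.jpg" or "x.phtml" ever reaches disk. A valid image can still
    //    carry PHP tags in its comment fields, which is why AVATAR_DIR must
    //    additionally be non-executable: these checks alone are not enough.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = AVATAR_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);
    return $name;
}

try {
    echo 'stored as ', htmlspecialchars(store_avatar($_FILES['avatar'] ?? []));
} catch (RuntimeException $e) {
    http_response_code(400);
    echo 'rejected: ', htmlspecialchars($e->getMessage());
}
```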

🧯 If You Can't Patch

  • Disable avatar upload functionality completely
  • Implement Web Application Firewall (WAF) rules to block PHP file uploads

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a PHP file through the staff avatar upload feature and check whether it is stored and executed

Check Version:

Check software version in admin panel or configuration files

Verify Fix Applied:

Test that PHP files cannot be uploaded or executed via avatar upload

📡 Detection & Monitoring

Log Indicators:

  • PHP file uploads via avatar endpoints
  • Unusual file uploads from staff accounts
  • Web shell connection attempts

Network Indicators:

  • POST requests with PHP file uploads to avatar endpoints
  • Suspicious outbound connections from web server

SIEM Query:

source="web_logs" AND (uri="*avatar*" AND file_extension="php")
