GHSA-xmh7-35v2-fp6h

Source
https://github.com/advisories/GHSA-xmh7-35v2-fp6h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-xmh7-35v2-fp6h/GHSA-xmh7-35v2-fp6h.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xmh7-35v2-fp6h
Aliases
Published
2025-11-30T09:30:18Z
Modified
2025-12-12T17:26:16.633022Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Summary
Skuul School Management System has a Sensitive Data Exposure Vulnerability in Uploaded Images
Details

A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. The issue affects unknown processing of the file /user/profile in the Image Handler component. Manipulating it leads to information disclosure. The attack can be performed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Database specific
{
    "cwe_ids": [
        "CWE-200"
    ],
    "github_reviewed_at": "2025-12-12T16:52:27Z",
    "nvd_published_at": "2025-11-30T08:15:45Z",
    "severity": "LOW",
    "github_reviewed": true
}
References

Affected packages

Packagist / yungifez/skuul

Package

Name
yungifez/skuul
Purl
pkg:composer/yungifez/skuul

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
2.6.4

Affected versions

V1.*
V1.0.3
V2.*
V2.6.4
v0.*
v0.0.1
v0.1.0
v0.2.0
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.5.10
v2.5.11
v2.5.12
v2.5.13
v2.5.14
v2.5.15
v2.5.16
v2.5.17
v2.6.0
v2.6.1
v2.6.2
v2.6.3

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-xmh7-35v2-fp6h/GHSA-xmh7-35v2-fp6h.json"