
    6 vulnerabilities by yungifez

    CVE-2025-13785 (GCVE-0-2025-13785)

    Vulnerability from nvd – Published: 2025-11-30 07:32 – Updated: 2025-12-02 17:23
    VLAI
    Title
    yungifez Skuul School Management System Image profile information disclosure
    Summary
    A security vulnerability has been detected in yungifez Skuul School Management System up to version 2.6.5. The issue affects unspecified processing in the file /user/profile of the Image Handler component. Manipulation of this processing leads to information disclosure. The attack can be performed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    yungifez Skuul School Management System Affected: 2.6.0
    Affected: 2.6.1
    Affected: 2.6.2
    Affected: 2.6.3
    Affected: 2.6.4
    Affected: 2.6.5
    Credits
    Zeeshan Khan (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13785",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-02T17:23:05.703031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-02T17:23:12.635Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/?submit.689026"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/thezeekhan/02f5255506080849fc732eea07008634"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Image Handler"
              ],
              "product": "Skuul School Management System",
              "vendor": "yungifez",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.0"
                },
                {
                  "status": "affected",
                  "version": "2.6.1"
                },
                {
                  "status": "affected",
                  "version": "2.6.2"
                },
                {
                  "status": "affected",
                  "version": "2.6.3"
                },
                {
                  "status": "affected",
                  "version": "2.6.4"
                },
                {
                  "status": "affected",
                  "version": "2.6.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Zeeshan Khan (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-30T07:32:05.160Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333789 | yungifez Skuul School Management System Image profile information disclosure",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.333789"
            },
            {
              "name": "VDB-333789 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333789"
            },
            {
              "name": "Submit #689026 | yungifez Skuul v2.6.5 Exposure of Sensitive Information Through Metadata",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.689026"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/thezeekhan/02f5255506080849fc732eea07008634"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-29T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-29T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-29T14:04:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "yungifez Skuul School Management System Image profile information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13785",
        "datePublished": "2025-11-30T07:32:05.160Z",
        "dateReserved": "2025-11-29T12:59:44.505Z",
        "dateUpdated": "2025-12-02T17:23:12.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13784 (GCVE-0-2025-13784)

    Vulnerability from nvd – Published: 2025-11-30 07:02 – Updated: 2025-12-03 15:30
    VLAI
    Title
    yungifez Skuul School Management System SVG File edit cross site scripting
    Summary
    A weakness has been identified in yungifez Skuul School Management System up to version 2.6.5. The vulnerability affects unspecified code in the file /dashboard/schools/1/edit of the SVG File Handler component. Manipulation of this code path causes cross-site scripting. The attack can be carried out remotely. The exploit has been made available to the public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    yungifez Skuul School Management System Affected: 2.6.0
    Affected: 2.6.1
    Affected: 2.6.2
    Affected: 2.6.3
    Affected: 2.6.4
    Affected: 2.6.5
    Credits
    Zeeshan Khan (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13784",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-03T15:30:33.805536Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-03T15:30:37.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/?submit.689012"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/thezeekhan/7fc54fd44bc5f318be0350b367b2d8ff"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "SVG File Handler"
              ],
              "product": "Skuul School Management System",
              "vendor": "yungifez",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.0"
                },
                {
                  "status": "affected",
                  "version": "2.6.1"
                },
                {
                  "status": "affected",
                  "version": "2.6.2"
                },
                {
                  "status": "affected",
                  "version": "2.6.3"
                },
                {
                  "status": "affected",
                  "version": "2.6.4"
                },
                {
                  "status": "affected",
                  "version": "2.6.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Zeeshan Khan (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-30T07:02:05.901Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333788 | yungifez Skuul School Management System SVG File edit cross site scripting",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.333788"
            },
            {
              "name": "VDB-333788 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333788"
            },
            {
              "name": "Submit #689012 | yungifez Skuul v2.6.5 Open Redirect",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.689012"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/thezeekhan/7fc54fd44bc5f318be0350b367b2d8ff"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-29T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-29T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-29T14:04:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "yungifez Skuul School Management System SVG File edit cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13784",
        "datePublished": "2025-11-30T07:02:05.901Z",
        "dateReserved": "2025-11-29T12:59:34.961Z",
        "dateUpdated": "2025-12-03T15:30:37.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12918 (GCVE-0-2025-12918)

    Vulnerability from nvd – Published: 2025-11-09 08:02 – Updated: 2025-11-14 17:45
    VLAI
    Title
    yungifez Skuul School Management System View Fee Invoice fee-invoices resource injection
    Summary
    A security flaw has been discovered in yungifez Skuul School Management System up to version 2.6.5. The impacted element is an unspecified function in the file /dashboard/fees/fee-invoices/ of the View Fee Invoice component. Manipulating the argument invoice_id results in improper control of resource identifiers. The attack can be launched remotely. The attack is considered to have high complexity, and exploitation is regarded as difficult. The exploit has been released to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-99 - Improper Control of Resource Identifiers
    Assigner
    References
    Impacted products
    Vendor Product Version
    yungifez Skuul School Management System Affected: 2.6.0
    Affected: 2.6.1
    Affected: 2.6.2
    Affected: 2.6.3
    Affected: 2.6.4
    Affected: 2.6.5
    Credits
    Zeeshan Khan (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12918",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-14T17:45:14.488659Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-14T17:45:18.489Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/thezeekhan/fbfa9a7dbc0b0b81fd868ee166839041#steps-to-reproduce"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/thezeekhan/fbfa9a7dbc0b0b81fd868ee166839041"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/?submit.680686"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "View Fee Invoice"
              ],
              "product": "Skuul School Management System",
              "vendor": "yungifez",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.0"
                },
                {
                  "status": "affected",
                  "version": "2.6.1"
                },
                {
                  "status": "affected",
                  "version": "2.6.2"
                },
                {
                  "status": "affected",
                  "version": "2.6.3"
                },
                {
                  "status": "affected",
                  "version": "2.6.4"
                },
                {
                  "status": "affected",
                  "version": "2.6.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Zeeshan Khan (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoice_id results in improper control of resource identifiers. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in yungifez Skuul School Management System up to 2.6.5 gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /dashboard/fees/fee-invoices/ der Komponente View Fee Invoice. Durch Manipulation des Arguments invoice_id mit unbekannten Daten kann eine improper control of resource identifiers-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.1,
                "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-99",
                  "description": "Improper Control of Resource Identifiers",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-09T08:02:05.919Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-331636 | yungifez Skuul School Management System View Fee Invoice fee-invoices resource injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.331636"
            },
            {
              "name": "VDB-331636 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.331636"
            },
            {
              "name": "Submit #680686 | yungifez Skuul v2.6.5 Improper Access Controls",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.680686"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://gist.github.com/thezeekhan/fbfa9a7dbc0b0b81fd868ee166839041"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/thezeekhan/fbfa9a7dbc0b0b81fd868ee166839041#steps-to-reproduce"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-08T17:51:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "yungifez Skuul School Management System View Fee Invoice fee-invoices resource injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-12918",
        "datePublished": "2025-11-09T08:02:05.919Z",
        "dateReserved": "2025-11-08T16:46:55.435Z",
        "dateUpdated": "2025-11-14T17:45:18.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13785 (GCVE-0-2025-13785)

    Vulnerability from cvelistv5 – Published: 2025-11-30 07:32 – Updated: 2025-12-02 17:23
    VLAI
    Title
    yungifez Skuul School Management System Image profile information disclosure
    Summary
    A security vulnerability has been detected in yungifez Skuul School Management System up to version 2.6.5. The issue affects unspecified processing in the file /user/profile of the Image Handler component. Manipulation of this processing leads to information disclosure. The attack can be performed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    yungifez Skuul School Management System Affected: 2.6.0
    Affected: 2.6.1
    Affected: 2.6.2
    Affected: 2.6.3
    Affected: 2.6.4
    Affected: 2.6.5
    Credits
    Zeeshan Khan (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13785",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-02T17:23:05.703031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-02T17:23:12.635Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/?submit.689026"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/thezeekhan/02f5255506080849fc732eea07008634"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Image Handler"
              ],
              "product": "Skuul School Management System",
              "vendor": "yungifez",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.0"
                },
                {
                  "status": "affected",
                  "version": "2.6.1"
                },
                {
                  "status": "affected",
                  "version": "2.6.2"
                },
                {
                  "status": "affected",
                  "version": "2.6.3"
                },
                {
                  "status": "affected",
                  "version": "2.6.4"
                },
                {
                  "status": "affected",
                  "version": "2.6.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Zeeshan Khan (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-30T07:32:05.160Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333789 | yungifez Skuul School Management System Image profile information disclosure",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.333789"
            },
            {
              "name": "VDB-333789 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333789"
            },
            {
              "name": "Submit #689026 | yungifez Skuul v2.6.5 Exposure of Sensitive Information Through Metadata",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.689026"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/thezeekhan/02f5255506080849fc732eea07008634"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-29T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-29T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-29T14:04:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "yungifez Skuul School Management System Image profile information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13785",
        "datePublished": "2025-11-30T07:32:05.160Z",
        "dateReserved": "2025-11-29T12:59:44.505Z",
        "dateUpdated": "2025-12-02T17:23:12.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13784 (GCVE-0-2025-13784)

    Vulnerability from cvelistv5 – Published: 2025-11-30 07:02 – Updated: 2025-12-03 15:30
    VLAI
    Title
    yungifez Skuul School Management System SVG File edit cross site scripting
    Summary
    A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    yungifez Skuul School Management System Affected: 2.6.0
    Affected: 2.6.1
    Affected: 2.6.2
    Affected: 2.6.3
    Affected: 2.6.4
    Affected: 2.6.5
    Credits
    Zeeshan Khan (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13784",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-03T15:30:33.805536Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-03T15:30:37.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/?submit.689012"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/thezeekhan/7fc54fd44bc5f318be0350b367b2d8ff"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "SVG File Handler"
              ],
              "product": "Skuul School Management System",
              "vendor": "yungifez",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.0"
                },
                {
                  "status": "affected",
                  "version": "2.6.1"
                },
                {
                  "status": "affected",
                  "version": "2.6.2"
                },
                {
                  "status": "affected",
                  "version": "2.6.3"
                },
                {
                  "status": "affected",
                  "version": "2.6.4"
                },
                {
                  "status": "affected",
                  "version": "2.6.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Zeeshan Khan (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-30T07:02:05.901Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333788 | yungifez Skuul School Management System SVG File edit cross site scripting",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.333788"
            },
            {
              "name": "VDB-333788 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333788"
            },
            {
              "name": "Submit #689012 | yungifez Skuul v2.6.5 Open Redirect",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.689012"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/thezeekhan/7fc54fd44bc5f318be0350b367b2d8ff"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-29T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-29T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-29T14:04:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "yungifez Skuul School Management System SVG File edit cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13784",
        "datePublished": "2025-11-30T07:02:05.901Z",
        "dateReserved": "2025-11-29T12:59:34.961Z",
        "dateUpdated": "2025-12-03T15:30:37.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12918 (GCVE-0-2025-12918)

    Vulnerability from cvelistv5 – Published: 2025-11-09 08:02 – Updated: 2025-11-14 17:45
    VLAI
    Title
    yungifez Skuul School Management System View Fee Invoice fee-invoices resource injection
    Summary
    A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoice_id results in improper control of resource identifiers. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-99 - Improper Control of Resource Identifiers
    Assigner
    References
    Impacted products
    Vendor Product Version
    yungifez Skuul School Management System Affected: 2.6.0
    Affected: 2.6.1
    Affected: 2.6.2
    Affected: 2.6.3
    Affected: 2.6.4
    Affected: 2.6.5
    Credits
    Zeeshan Khan (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12918",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-14T17:45:14.488659Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-14T17:45:18.489Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/thezeekhan/fbfa9a7dbc0b0b81fd868ee166839041#steps-to-reproduce"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/thezeekhan/fbfa9a7dbc0b0b81fd868ee166839041"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/?submit.680686"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "View Fee Invoice"
              ],
              "product": "Skuul School Management System",
              "vendor": "yungifez",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.0"
                },
                {
                  "status": "affected",
                  "version": "2.6.1"
                },
                {
                  "status": "affected",
                  "version": "2.6.2"
                },
                {
                  "status": "affected",
                  "version": "2.6.3"
                },
                {
                  "status": "affected",
                  "version": "2.6.4"
                },
                {
                  "status": "affected",
                  "version": "2.6.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Zeeshan Khan (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoice_id results in improper control of resource identifiers. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in yungifez Skuul School Management System up to 2.6.5 gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /dashboard/fees/fee-invoices/ der Komponente View Fee Invoice. Durch Manipulation des Arguments invoice_id mit unbekannten Daten kann eine improper control of resource identifiers-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.1,
                "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-99",
                  "description": "Improper Control of Resource Identifiers",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-09T08:02:05.919Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-331636 | yungifez Skuul School Management System View Fee Invoice fee-invoices resource injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.331636"
            },
            {
              "name": "VDB-331636 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.331636"
            },
            {
              "name": "Submit #680686 | yungifez Skuul v2.6.5 Improper Access Controls",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.680686"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://gist.github.com/thezeekhan/fbfa9a7dbc0b0b81fd868ee166839041"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/thezeekhan/fbfa9a7dbc0b0b81fd868ee166839041#steps-to-reproduce"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-08T17:51:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "yungifez Skuul School Management System View Fee Invoice fee-invoices resource injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-12918",
        "datePublished": "2025-11-09T08:02:05.919Z",
        "dateReserved": "2025-11-08T16:46:55.435Z",
        "dateUpdated": "2025-11-14T17:45:18.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }