Description
Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a.
Published: 2025-05-23
Score: 9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an unrestricted upload flaw that permits uploading files of any type, including executable scripts such as PHP web shells. By injecting a malicious file, an attacker can achieve remote code execution on the web server, compromising confidentiality, integrity, and availability of the affected website. This weakness is identified as CWE-434 – Unrestricted Upload of File with Dangerous Type.

Affected Systems

The flaw exists in the WordPress plugin "JP Students Result Management System Premium" from vendor joy2012bd, specifically version 1.1.7 and all subsequent releases until a fix is applied. Any WordPress site running this plugin is potentially exposed.

Risk and Exploitability

The CVSS score of 9 signifies critical severity, while the EPSS score of less than 1% indicates a low yet non-zero probability of exploitation. Although the vulnerability is not listed in the CISA KEV catalog, the known attack vector is the plugin’s upload interface, which an attacker can use to upload a web shell and execute arbitrary code. The combination of high impact and potential for remote execution makes this flaw a high-priority risk for affected installations.

Generated by OpenCVE AI on April 30, 2026 at 18:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the "JP Students Result Management System Premium" plugin to a version that removes the unrestricted upload capability or replace the plugin entirely
  • If upgrading is not immediately possible, configure the web server to reject all file uploads that are not .jpg or .png and block PHP execution in any folder where uploads are stored
  • Perform a thorough scan of the upload directory for unexpected files, delete any suspicious uploads, and review application logs for anomalous activity
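
The upload-directory scan in the last action can be scripted. The following is an added example, not code from OpenCVE or the plugin vendor: it walks an upload tree and flags files whose extension is outside the .jpg/.png allow list, whose content does not match the extension, or that contain a PHP open tag. The function names, the script-extension list and the sample tree are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

ALLOWED = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n"}  # extension -> magic bytes
SCRIPT_EXT = {".php", ".phtml", ".phar"}  # assumed list; extend to match the server's handlers

def inspect_file(path):
    """Return the reasons a stored upload looks suspicious (empty list if none)."""
    suffixes = [s.lower() for s in path.suffixes]
    ext = suffixes[-1] if suffixes else ""
    data, reasons = path.read_bytes(), []
    if ext not in ALLOWED:
        reasons.append("unexpected-extension")
    elif not data.startswith(ALLOWED[ext]):
        reasons.append("content-mismatch")   # named as an image, but not one
    if any(s in SCRIPT_EXT for s in suffixes[:-1]):
        reasons.append("double-extension")   # e.g. name.php.jpg
    if b"<?php" in data.lower():
        reasons.append("php-tag")            # PHP source inside any file type
    return reasons

def scan_uploads(root):
    """Walk the upload tree and map relative path -> reasons for flagged files."""
    root = Path(root)
    findings = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and (why := inspect_file(p)):
            findings[p.relative_to(root).as_posix()] = why
    return findings

def build_sample(root):
    """Constructed sample tree: two clean images and four files that should be flagged."""
    php = b"<?php /* constructed placeholder, not a real payload */ ?>"
    files = {
        "2025/05/photo.jpg": ALLOWED[".jpg"] + b"\xe0" + bytes(16),
        "2025/05/logo.png": ALLOWED[".png"] + bytes(16),
        "2025/05/result.php": php,
        "2025/05/avatar.php.jpg": php,
        "2025/05/banner.png": ALLOWED[".png"] + bytes(16) + php,
        ".htaccess": b"# constructed placeholder\n",
    }
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        print(scan_uploads(tmp))
```

Flagged files should be quarantined and reviewed rather than deleted outright, since their timestamps and contents are evidence for the log review the same action calls for.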


Advisories
Source: EUVD
ID: EUVD-2025-27813
Title: Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a.

History

Tue, 28 Apr 2026 19:45:00 +0000


Tue, 28 Apr 2026 18:30:00 +0000

Description
Values Removed: Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium jp-students-result-system-premium allows Upload a Web Shell to a Web Server.This issue affects JP Students Result Management System Premium: from n/a through 1.1.7.
Values Added: Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a.
References

Thu, 23 Apr 2026 15:30:00 +0000


Thu, 23 Apr 2026 15:00:00 +0000

Description
Values Removed: Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a.
Values Added: Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium jp-students-result-system-premium allows Upload a Web Shell to a Web Server.This issue affects JP Students Result Management System Premium: from n/a through 1.1.7.
References

Fri, 23 May 2025 14:15:00 +0000

Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 23 May 2025 13:00:00 +0000

Description
Values Added: Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a.
Title
Values Added: WordPress JP Students Result Management System Premium plugin 1.1.7 - Arbitrary File Upload vulnerability
Weaknesses
Values Added: CWE-434
References
Metrics
Values Added: cvssV3_1 {'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}



MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:16.256Z

Reserved: 2025-04-01T13:21:47.739Z

Link: CVE-2025-31916

Vulnrichment

Updated: 2025-05-23T13:25:14.983Z

NVD

Status: Deferred

Published: 2025-05-23T13:15:28.453

Modified: 2026-04-28T19:31:24.977

Link: CVE-2025-31916

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T19:00:14Z
