Puppy_6S6

**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-based Pharmacy Product Management System version 1.0 **Description** A critical vulnerability was found in the SourceCodester Web-based Pharmacy Product Management System. The issue affects an unknown functionality of the file `/add-admin.php` of the component Create User Page. The manipulation of the `Avatar` argument leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Web-based Pharmacy Product Management System version 1.0, as a temporary workaround, consider disabling the `/add-admin.php` file or restricting access to it until a patch is available. Avoid using the `Avatar` argument in the affected Create User Page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.