CVE-2021-25207

Name of the Vulnerable Software and Affected Versions SourceCodester E-Commerce Website version 1.0

Description The issue is related to an arbitrary file upload vulnerability in the prodViewUpdate.php script of the E-Commerce Website system. This vulnerability allows an attacker to upload files of dangerous types, potentially leading to the execution of arbitrary code. The exploitation of this issue can enable a remote attacker to execute arbitrary code.

Recommendations For SourceCodester E-Commerce Website version 1.0, consider disabling the file upload functionality to the prodViewUpdate.php script until a patch is available. Restrict access to the prodViewUpdate.php script to minimize the risk of exploitation. Avoid using the file upload feature in the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.