PT-2025-16184 · Unknown · Tutorials-Website Employee Management System
Maloyroyorko
·
Published
2025-04-13
·
Updated
2025-04-13
·
CVE-2025-3537
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
Tutorials-Website Employee Management System version 1.0
Description:
A vulnerability was found in the Tutorials-Website Employee Management System, affecting an unknown part of the file
/admin/update-user.php. The manipulation of the ID argument leads to improper authorization, allowing for remote attacks. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Recommendations:
As a temporary workaround, consider restricting access to the
/admin/update-user.php file until a patch is available.
Avoid using the ID argument in the affected file until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Improper Authorization
Incorrect Privilege Assignment
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tutorials-Website Employee Management System