CVE-2025-29708

Name of the Vulnerable Software and Affected Versions SourceCodester Company Website CMS version 1.0

Description The issue concerns a file upload vulnerability via the "Create Services" file. This vulnerability can be exploited through the "/dashboard/Services" API endpoint. The Create Services file is the vulnerable component in this case. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For version 1.0, consider disabling the file upload functionality via the "Create Services" file until a patch is available. Restrict access to the "/dashboard/Services" API endpoint to minimize the risk of exploitation. Avoid using the file upload feature in the affected API endpoint until the issue is resolved.