CVE-2025-3764

Name of the Vulnerable Software and Affected Versions SourceCodester Web-based Pharmacy Product Management System version 1.0

Description A critical vulnerability was found in the SourceCodester Web-based Pharmacy Product Management System. This issue affects the file /edit-product.php and allows for unrestricted upload through the manipulation of the Avatar argument. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For SourceCodester Web-based Pharmacy Product Management System version 1.0, consider disabling the file upload functionality in /edit-product.php to prevent exploitation until a patch is available. Restrict access to the Avatar argument to minimize the risk of unrestricted upload. Avoid using the Avatar argument in the /edit-product.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.