PT-2025-21927 · Unknown · Sourcecodester Client Database Management System
Akihi · Published 2025-05-19 · Updated 2025-05-28 · CVE-2025-4923
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
SourceCodester Client Database Management System version 1.0
Description
A critical issue has been found in the processing of the file /user_delivery_update.php, where manipulation of the uploaded_file_cancelled argument leads to an unrestricted file upload. The attack can be initiated remotely, and the exploit has been publicly disclosed.
Recommendations
For SourceCodester Client Database Management System version 1.0, consider disabling the file /user_delivery_update.php or restricting access to it until a patch is available. Additionally, restrict manipulation of the uploaded_file_cancelled argument to prevent unrestricted upload. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Access Control
Unrestricted File Upload
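The recommendation above is an access restriction to apply until a patch exists. As an added illustration of what a proper fix for an unrestricted upload looks like, the following hardened PHP upload handler was written for this entry; it is not code from the Client Database Management System, and the form field name `uploaded_file`, the upload directory, the size limit and the allow-list of types are assumptions.

```php
<?php
// Added example (not project code): a hardened upload handler.
// Assumptions: field name 'uploaded_file', storage directory outside the web root,
// and a small allow-list of document/image types.
declare(strict_types=1);

const UPLOAD_DIR = '/var/app/uploads';        // assumed: not served by the web server
const MAX_BYTES  = 5 * 1024 * 1024;           // assumed limit: 5 MiB
const ALLOWED    = [                          // extension => MIME type expected from the bytes
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
];

function store_upload(array $file): string
{
    // Reject anything PHP itself flagged (partial upload, no file, size limit hit).
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // The client-supplied name is untrusted: use it only to read an extension,
    // then check that extension against the allow-list (no .php, .phtml, etc.).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('file type not allowed');
    }
    // Sniff the real content type from the bytes; $_FILES['type'] is attacker-controlled.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-chosen random name: no path traversal, no attacker-chosen extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;
    // move_uploaded_file() only accepts files that came through the current request.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);                       // not executable, not world-readable
    return $name;
}

session_start();
// Authorization must come before any file handling; the session key is an assumption.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit;
}
if (!isset($_FILES['uploaded_file'])) {
    http_response_code(400);
    exit;
}
try {
    $stored = store_upload($_FILES['uploaded_file']);
    echo 'stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
} catch (RuntimeException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
```

The three controls that matter here are the allow-list on extension and sniffed MIME type, the server-generated filename, and storage outside the document root; any one of them missing is enough to turn a document upload into a web shell drop. Serve stored files back through a download script that sets `Content-Disposition: attachment` rather than by exposing the directory.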
Related Identifiers
Affected Products
Sourcecodester Client Database Management System