PT-2025-23081 · Sourcecodester · Sourcecodester Client Database Management System

Xingsumingxun · Published 2025-05-28 · Updated 2025-06-02 · CVE-2025-5299

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: SourceCodester Client Database Management System version 1.0

Description: A critical vulnerability was found in the SourceCodester Client Database Management System. The issue affects the file /user order customer update.php, where manipulation of the uploaded file cancelled argument leads to an unrestricted file upload. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

Recommendations: For SourceCodester Client Database Management System version 1.0, as a temporary workaround, consider disabling the file /user order customer update.php or restricting access to it until a patch is available. Avoid using the uploaded file cancelled argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-5299

Affected Products

Sourcecodester Client Database Management System