PT-2025-23087 · Sourcecodester · Sourcecodester Web-Based Pharmacy Product Management System

Litsasuk · Published 2025-05-28 · Updated 2025-06-02

CVE-2025-45997 · CVSS v3.1 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions

Sourcecodester Web-based Pharmacy Product Management System version 1.0
Sourcecodester Web-based Pharmacy Product Management System version 0.0.1

Description

The file upload handler decides whether an uploaded file is an image from the Content-Type header of the multipart part, a value the client controls. An attacker, without authentication (PR:N in the vector above), can upload a PHP file by setting that header to image/jpg; the application accepts the file as an image, so malicious PHP code is uploaded to the server.

Recommendations

For version 1.0, replace the Content-Type check with validation of the actual file content (for example, sniffing the magic bytes with finfo), combined with an allowlist of image extensions, and store uploads under a server-generated name. For version 0.0.1, implement a secure file upload mechanism along the same lines: verify the real file type, reject anything that is not an allowed image, and make sure executable code such as PHP files can never be uploaded or served from an executable location. As a temporary workaround, disable the file upload feature until a secure update is available.
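The check described above, and its hardened replacement, as an added example in PHP (the language of Sourcecodester projects). This is not code from the advisory or from the affected application: it simulates the $_FILES entry PHP builds for one multipart part, shows why a check on $_FILES[...]['type'] is defeated by setting the part's Content-Type to image/jpg, and contrasts it with a check that sniffs the bytes with finfo and derives the stored extension from the sniffed type. The field name, the extension map, the temp-file handling and the sample payloads are assumptions constructed for the example; it requires the fileinfo extension, which is enabled in default PHP builds.

```php
<?php
declare(strict_types=1);

// Added example; not code from the Sourcecodester project. It simulates the
// $_FILES entry PHP builds for one multipart part and compares the check the
// advisory describes (trusting Content-Type) with a content-based check.
// Field name, extension map and temp-file handling are assumptions.

/** Build a $_FILES-style array from constructed bytes so this runs offline. */
function fakeUpload(string $clientName, string $clientType, string $bytes): array
{
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    return [
        'name'     => $clientName,   // attacker-controlled
        'type'     => $clientType,   // attacker-controlled: the part's Content-Type
        'tmp_name' => $tmp,
        'error'    => UPLOAD_ERR_OK,
        'size'     => strlen($bytes),
    ];
}

/** Vulnerable pattern: $_FILES[...]['type'] is copied verbatim from the request. */
function weakCheck(array $f): bool
{
    return in_array($f['type'], ['image/jpeg', 'image/jpg', 'image/png'], true);
}

/**
 * Hardened check. Returns the server-chosen filename to store under, or null
 * to reject. It sniffs the real type with finfo, requires the client-supplied
 * extension to agree with that sniffed type, and never reuses the client name.
 */
function strictCheck(array $f): ?string
{
    $allowed = ['image/jpeg' => ['jpg', 'jpeg'], 'image/png' => ['png']];
    if ($f['error'] !== UPLOAD_ERR_OK || $f['size'] === 0) {
        return null;
    }
    $realType = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if ($realType === false || !isset($allowed[$realType])) {
        return null;                    // a PHP script sniffs as text/x-php
    }
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed[$realType], true)) {
        return null;                    // e.g. PNG bytes uploaded as shell.php
    }
    // Server-chosen name; the extension comes from the sniffed type, not the client.
    return bin2hex(random_bytes(16)) . '.' . $allowed[$realType][0];
}

// Constructed inputs: a PHP payload sent as image/jpg, and a minimal PNG header.
$spoofed = fakeUpload('shell.php', 'image/jpg', "<?php echo 'constructed'; ?>");
$realPng = fakeUpload('photo.png', 'image/png', "\x89PNG\r\n\x1a\n" . str_repeat("\0", 16));

printf("weakCheck(spoofed):   %s\n", weakCheck($spoofed) ? 'accepted' : 'rejected');
printf("strictCheck(spoofed): %s\n", strictCheck($spoofed) ?? 'rejected');
printf("strictCheck(realPng): %s\n", strictCheck($realPng) ?? 'rejected');

unlink($spoofed['tmp_name']);
unlink($realPng['tmp_name']);
```

Run it with `php upload_check.php`. Two caveats a practitioner should keep in mind: a polyglot file that starts with valid image bytes and carries PHP further in still passes the finfo sniff, which is why the stored extension must come from the sniffed type and why the upload directory should not be served with PHP execution enabled (or should sit outside the web root); and, where the application only needs the picture, re-encoding it through GD or Imagick discards any embedded payload entirely.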

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2025-45997

Affected Products

Sourcecodester Web-Based Pharmacy Product Management System