PT-2025-24048 · Sourcecodester · Sourcecodester Open Source Clinic Management System
Mysq
·
Published
2025-06-06
·
Updated
2025-06-06
·
CVE-2025-5728
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SourceCodester Open Source Clinic Management System version 1.0
Description
A critical issue was found in the /manage website.php file, affecting unknown code. The manipulation of the
website image argument leads to unrestricted upload. The attack can be initiated remotely. An exploit has been publicly disclosed and may be used.Recommendations
For SourceCodester Open Source Clinic Management System version 1.0, consider restricting access to the /manage website.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the
website image argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Improper Access Control
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sourcecodester Open Source Clinic Management System