CVE-2025-7175

Name of the Vulnerable Software and Affected Versions: code-projects E-Commerce Site version 1.0

Description: A critical issue has been found in the code-projects E-Commerce Site, affecting an unknown function of the file /admin/users photo.php. The manipulation of the photo argument leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations: For code-projects E-Commerce Site version 1.0, consider disabling the upload functionality in the /admin/users photo.php file until a patch is available. Restrict access to the /admin/users photo.php file to minimize the risk of exploitation. Avoid using the photo argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.