CVE-2025-10427

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Pet Grooming Management Software version 1.0

Description A weakness exists in SourceCodester Pet Grooming Management Software that allows for unrestricted file upload. The issue impacts an unknown function within the /admin/operation/user.php file. Manipulation of the website image argument can be used to exploit this weakness remotely. The exploit is publicly available.

Recommendations As a temporary workaround, restrict access to the /admin/operation/user.php file. Sanitize or validate the website image argument to prevent unrestricted file uploads.

Exploit

Fix

Improper Access Control

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-434

Related Identifiers

CVE-2025-10427

Affected Products

Sourcecodester Pet Grooming Management

CVE-2025-10427

Weakness Enumeration

Related Identifiers

Affected Products

References · 11