PT-2025-7690 · Sourcecodester · Sourcecodester Best Employee Management System

Dariusz

Published

2025-02-23

Updated

2025-02-23

CVE-2025-1593

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Best Employee Management System version 1.0

Description A critical issue has been discovered, affecting the Profile Picture Handler component, specifically the file / hr soft/assets/uploadImage/Profile/. This issue allows for unrestricted upload, which can be initiated remotely.

Recommendations For SourceCodester Best Employee Management System version 1.0, consider restricting access to the Profile Picture Handler component to minimize the risk of exploitation. As a temporary workaround, avoid using the upload functionality in the Profile Picture Handler until a fix is available.

Fix

Improper Access Control

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-434

Related Identifiers

CVE-2025-1593

Affected Products

Sourcecodester Best Employee Management System

PT-2025-7690 · Sourcecodester · Sourcecodester Best Employee Management System

CVE-2025-1593

Weakness Enumeration

Related Identifiers

Affected Products

References · 10