CVE-2025-5299
Vulnerability in SourceCodester Client Database Management System 1.0 allowing unrestricted file upload
Overview
A critical vulnerability discovered in SourceCodester Client Database Management System 1.0 allows unrestricted file upload. The affected code is /user_order_customer_update.php, and the flaw can be exploited remotely.
Technical Details
The vulnerability lies in the handling of the argument uploaded_file_cancelled: manipulating it leads to unrestricted file upload. The attack can be initiated remotely and requires no user interaction.
CVSS Metrics
- Base Score: 6.9
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Attack Requirements: NONE
- Privileges Required: NONE
- User Interaction: NONE
- Vulnerability Confidentiality Impact: LOW
- Vulnerability Integrity Impact: LOW
- Vulnerability Availability Impact: LOW
Impact
This vulnerability could compromise the integrity and confidentiality of the system, allowing for unauthorized information disclosure and potential disruption of service.
Recommendations
To mitigate this vulnerability, users are advised to restrict the file types that can be uploaded and to implement a server-side upload process that checks and validates each file before it is accepted and stored.
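A hardened server-side handler for such an upload field, as an added example for this advisory (not code from SourceCodester); it assumes the field arrives in $_FILES['uploaded_file_cancelled'] and that the destination directory sits outside the web root:

```php
<?php
// Added example (not SourceCodester code): server-side validation for an upload
// field. Assumes the field is read from $_FILES['uploaded_file_cancelled'] and
// that $uploadDir is a directory outside the web root.

const ALLOWED_TYPES = [
    // extension => MIME type that finfo must report for the file's content
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
];
const MAX_BYTES = 5 * 1024 * 1024;

// Returns the stored path on success; throws RuntimeException with the reason otherwise.
function store_upload(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or no file sent');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file'); // rejects non-upload paths
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // The client-supplied name is used only to select the allow-list entry;
    // it is never reused as the stored filename.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    // Sniff the real content type from the bytes, not from the client-supplied 'type'.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }
    // Random server-chosen name: no user-controlled path, no double extensions.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable by the application, never executable
    return $dest;
}

// Usage in the request handler (field name taken from the advisory):
// try { $path = store_upload($_FILES['uploaded_file_cancelled'], '/var/app/uploads'); }
// catch (RuntimeException $e) { http_response_code(400); exit('rejected: ' . $e->getMessage()); }
```

Serving stored files back through a download script, rather than from a web-accessible directory, keeps the web server from ever executing an uploaded file even if a check above is bypassed.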
Threat Metrics
- CVSS Score: 6.9
- Severity: MEDIUM
- Attack Vector: NETWORK
- Attack Complexity: LOW