Unrestricted Upload Vulnerability in SourceCodester E-Learning System
CVE-2025-1590

5.1MEDIUM

Key Information:

Vendor
Sourcecodester
Status
E-learning System
Vendor
CVE Published:
23 February 2025

Summary

A vulnerability exists in the SourceCodester E-Learning System in the /admin/modules/lesson/index.php file, which allows for unrestricted file uploads. This flaw can be exploited by attackers to upload malicious files remotely, potentially compromising the integrity and security of the application. It's critical for users of this system to apply updates and safeguards to prevent unauthorized access and file manipulation.

Affected Version(s)

E-Learning System 1.0

References

https://vuldb.com/?id.296574
vdb-entry
https://vuldb.com/?ctiid.296574
signaturepermissions-required
https://vuldb.com/?submit.504045
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dariusz (VulDB User)
.