Unrestricted File Upload in SourceCodester Best Employee Management System
CVE-2025-1593

5.1 MEDIUM

Key Information:

Vendor
CVE Published: 23 February 2025

Summary

The SourceCodester Best Employee Management System version 1.0 contains a vulnerability in the Profile Picture Handler component. This flaw allows for unrestricted file uploads through the file path /_hr_soft/assets/uploadImage/Profile/. Attackers can exploit this vulnerability remotely, potentially leading to unauthorized access and execution of arbitrary code.

Affected Version(s)

Best Employee Management System 1.0

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dariusz (VulDB User)