Path Traversal Vulnerability in SourceCodester Best Church Management Software
CVE-2025-1599

5.4MEDIUM

Key Information:

Vendor: SourceCodester
Status: Best Church Management Software
Vendor: CVE Published:; 24 February 2025

Summary

A path traversal vulnerability has been identified in the SourceCodester Best Church Management Software version 1.0, specifically affecting the file /admin/app/profile_crud.php. The issue arises from improper handling of the 'old_cat_img' argument, allowing an attacker to manipulate the path and potentially gain unauthorized access to files outside the intended directory structure. This vulnerability can be exploited remotely, making it a significant security concern. Despite efforts to inform the vendor about this vulnerability, no response was received.

References

https://github.com/xiahao90/CVEproject/blob/main/xiahao.w...

https://vuldb.com/?ctiid.296594

https://vuldb.com/?id.296594

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 24, 2025