Information Disclosure Vulnerability in SourceCodester Best Employee Management System
CVE-2025-1606
Key Information:
- Vendor
- Sourcecodester
- Vendor
- CVE Published:
- 24 February 2025
Badges
Summary
A vulnerability has been identified in the SourceCodester Best Employee Management System 1.0 that allows for information disclosure due to improper handling of code in the /admin/backup/backups.php file. This flaw can be exploited remotely, enabling attackers to access sensitive data. Despite outreach efforts to the vendor, no response was received regarding this serious issue, which raises concerns about the security of user information within the application. Potential threats may exploit the publicly disclosed exploit, making it crucial for users to take immediate action to safeguard their systems.
Affected Version(s)
Best Employee Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published