File Upload Vulnerability in SourceCodester Company Website CMS
CVE-2025-29709
9.8 CRITICAL
Summary
The SourceCodester Company Website CMS 1.0 has a significant file upload vulnerability that allows unauthorized users to upload files through the 'Create portfolio' feature located at /dashboard/portfolio. This inadequately secured endpoint poses a risk of malicious file uploads, potentially leading to further exploitation of the server and unauthorized access to sensitive data. Website owners utilizing this CMS version should immediately assess their systems for this vulnerability and apply necessary security measures.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published