File Upload Vulnerability in Sourcecodester Web-based Pharmacy Product Management System
CVE-2025-45997

8.6HIGH

Key Information:

Vendor: Sourcecodester
Status: Web-based Pharmacy Product Management System
Vendor: CVE Published:; 28 May 2025

🔔 Create Sourcecodester Vulnerability Alert

What is CVE-2025-45997?

The Sourcecodester Web-based Pharmacy Product Management System version 0.0.1 is susceptible to a file upload vulnerability. An attacker can exploit this weakness by uploading a PHP file with malicious intent, disguised as a standard image file. This is achieved by modifying the Content-Type header to 'image/jpg', enabling unauthorized access and potential execution of harmful scripts on the server.

References

https://www.sourcecodester.com/php/17883/web-based-produc...

https://github.com/litsasuk/CVE-POC/blob/main/CVE-2025-45...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2025
Vulnerability Reserved
Apr 22, 2025