Unrestricted File Upload Vulnerability in SourceCodester Client Database Management System
CVE-2025-5840

6.9MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Client Database Management System
Vendor
CVE Published:
7 June 2025

What is CVE-2025-5840?

The SourceCodester Client Database Management System version 1.0 contains a vulnerability in the '/user_update_customer_order.php' file that allows unauthorized users to upload files. This unrestricted file upload flaw can be exploited remotely, posing a significant risk to systems utilizing the software. Proper validation and sanitization of file inputs are critical to mitigate such vulnerabilities and protect sensitive data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Client Database Management System 1.0

References

https://vuldb.com/?id.311583
vdb-entrytechnical-description
https://vuldb.com/?ctiid.311583
signaturepermissions-required
https://vuldb.com/?submit.591425
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fred_Su (VulDB User)
JSON
.