Unrestricted File Upload Vulnerability in SourceCodester Client Database Management System
CVE-2025-5840

6.9 MEDIUM

What is CVE-2025-5840?

The SourceCodester Client Database Management System version 1.0 contains a vulnerability in the '/user_update_customer_order.php' file that allows unauthorized users to upload files. This unrestricted file upload flaw can be exploited remotely, posing a significant risk to systems utilizing the software. Proper validation and sanitization of file inputs are critical to mitigate such vulnerabilities and protect sensitive data.

Affected Version(s)

Client Database Management System 1.0

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fred_Su (VulDB User)