CVE-2025-1166

Published: Feb 11, 2025Modified: Aug 1, 2025

5.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Remyandrade: Food Menu Manager

1 product

Food Menu Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Remyandrade Food Menu Manager	Version 1.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (5)

https://gist.github.com/jmx0hxq/0ce2c97ca11b2423a203b5719438c9f8

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.295069

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.295069

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.494567

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.sourcecodester.com/

Source: cna@vuldb.com

Product

Timeline

No history available yet.