CVE-2025-3244

Published: Apr 4, 2025Modified: May 14, 2025

5.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add-admin.php of the component Create User Page. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Senior Walter: Web Based Pharmacy Product Management System

1 product

Web Based Pharmacy Product Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Senior Walter Web Based Pharmacy Product Management System	Version 1.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (5)

https://github.com/6s6-630/CVE/blob/main/yaofang.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.303271

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.303271

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.547916

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.sourcecodester.com/

Source: cna@vuldb.com

Product

Timeline

No history available yet.