CVE-2025-0206
Published: 04 January 2025
Description
A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Security Summary
CVE-2025-0206 is a vulnerability classified as critical in code-projects Online Shoe Store 1.0, affecting an unknown functionality within the /admin/index.php file. It stems from improper access controls, mapped to CWE-266 and CWE-284, and was published on 2025-01-04T12:15:24.830 with a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
The vulnerability enables remote exploitation without authentication or user interaction. Attackers can manipulate the affected functionality to bypass access controls, resulting in low-impact unauthorized disclosure of confidential information, with no impact on integrity or availability.
Advisories on VulDB (ctiid.290143, id.290143, submit.474033) document the issue, and a proof-of-concept exploit is publicly available via a GitHub Gist at https://gist.github.com/th4s1s/955b71b20235dddf30689d4b85b4d271. The project source is hosted at https://code-projects.org/. No patches or specific mitigations are detailed in the available references.
The exploit has been disclosed to the public and may be used in attacks.
Details
- CWE(s)