CVE-2025-1160
Published: 10 February 2025
Description
A vulnerability was found in SourceCodester Employee Management System 1.0 and has been rated as critical by VulDB. An unspecified part of the file index.php is affected: manipulation of the arguments username/password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Security Summary
CVE-2025-1160 is a vulnerability in SourceCodester Employee Management System 1.0, published on 2025-02-10 and rated critical by VulDB. It affects an unspecified part of the file index.php: the login handled there accepts the credentials the application ships with, so supplying those values in the username and password parameters authenticates an attacker without any secret specific to the installation. The issue is classified under CWE-1392 (Use of Default Credentials) and NVD-CWE-Other, with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Note that 7.3 falls in the "High" band of the CVSS v3.1 qualitative scale; "critical" is VulDB's own rating.
The vector describes a remote, unauthenticated attack (AV:N, PR:N) with low attack complexity (AC:L) and no user interaction (UI:N). Each of confidentiality, integrity and availability is scored Low, which reflects how the entry was scored rather than a measured effect: what the attacker actually obtains is a session as whichever account the default credentials belong to, and the referenced sources do not state which account that is or what it can do.
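To make the weak pattern and its fix concrete, here is an added example that is not code from the Employee Management System or from VulDB. It shows the CWE-1392 login shape (credentials shared by every install) next to a hardened store with per-install salted hashes, an audit that flags accounts still usable with a well-known default pair, and a login that sends such accounts to a forced password change instead of into the application. The default pairs, the user store and the passwords in it are constructed for the example; the product's real defaults are not stated on the page, and nothing here is a reproduction of its code.

```python
"""Added example: default-credential audit and hardened login.
Not code from SourceCodester Employee Management System; all credential
pairs and the user store below are constructed for illustration."""
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 100_000

# Constructed list of commonly shipped default pairs. This is an assumption
# for the example, not the pairs used by the product.
DEFAULT_PAIRS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("admin", "admin123"),
    ("user", "user"),
}


def vulnerable_login(username: str, password: str) -> bool:
    """Weak pattern (CWE-1392): the check is against credentials that every
    install shares, so anyone who knows the defaults is authenticated."""
    return (username, password) in DEFAULT_PAIRS


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Salted PBKDF2-HMAC-SHA256 record for one account."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "digest": digest}


def verify_password(record: dict, password: str) -> bool:
    """Constant-time comparison of a candidate against the stored digest."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, record["digest"])


# Dummy record so a lookup miss costs the same as a wrong password
# (no username enumeration through response timing).
_DUMMY = hash_password("not-a-real-password")


def build_sample_store() -> dict:
    """Constructed user store: 'admin' was never changed from the shipped
    default, 'hr' has a per-install password set by the operator."""
    return {
        "admin": {**hash_password("admin"), "must_change_password": True},
        "hr": {**hash_password("Q7#plumTrellis-91"), "must_change_password": False},
    }


def audit_default_credentials(store: dict, candidates=DEFAULT_PAIRS) -> list:
    """Return usernames whose stored password still verifies against a known default pair."""
    flagged = set()
    for username, password in sorted(candidates):
        record = store.get(username)
        if record is not None and verify_password(record, password):
            flagged.add(username)
    return sorted(flagged)


def rotate_password(store: dict, username: str, new_password: str) -> bool:
    """Set a new password; refuse any value on the default list and clear the
    forced-change flag on success."""
    if username not in store or (username, new_password) in DEFAULT_PAIRS:
        return False
    store[username] = {**hash_password(new_password), "must_change_password": False}
    return True


def hardened_login(store: dict, username: str, password: str) -> str:
    """Return 'ok', 'must_change_password' or 'denied'. An account still on its
    shipped password can only reach the password-change step, never the app."""
    record = store.get(username, _DUMMY)
    if not verify_password(record, password) or username not in store:
        return "denied"
    if record.get("must_change_password") or (username, password) in DEFAULT_PAIRS:
        return "must_change_password"
    return "ok"


if __name__ == "__main__":
    store = build_sample_store()
    print("vulnerable login with admin/admin:", vulnerable_login("admin", "admin"))
    print("accounts still on a default pair:", audit_default_credentials(store))
    print("hardened login with admin/admin:", hardened_login(store, "admin", "admin"))
    rotate_password(store, "admin", "Correct-Horse-7!")
    print("after rotation:", audit_default_credentials(store), hardened_login(store, "admin", "Correct-Horse-7!"))
```

The audit is the check worth running against any fresh install of an application like this one: a login path that authenticates a default pair is the bug, independent of which file or parameter name carries it, and the same audit can be pointed at a list of default pairs collected from the vendor's documentation or install scripts.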
VulDB advisories (ctiid.295064, id.295064, and submit.493860) detail the vulnerability, and a proof-of-concept exploit has been publicly disclosed on GitHub at https://gist.github.com/jmx0hxq/0e9cde14b6e9190a7451cd72d7b23bfd. The vendor site is https://www.sourcecodester.com/. The referenced sources give no patch or vendor mitigation. Absent a fix, the standard response to CWE-1392 applies: change every account password shipped with the install immediately after deployment, confirm that the login in index.php no longer accepts the shipped values, and do not expose the application to untrusted networks while it runs on defaults.
Details
- CWE(s)