Cyber Posture

CVE-2025-1166

Medium · Public PoC

Published: 11 February 2025
Modified: 01 August 2025
KEV Added
Patch
CVSS Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0020 (41.7th percentile)
Risk Priority: 13 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Security Summary

CVE-2025-1166 is a critical vulnerability in SourceCodester Food Menu Manager 1.0, affecting an unknown functionality within the endpoint/update.php file. The issue enables unrestricted file upload through manipulation of this endpoint. Published on 2025-02-11, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and is associated with CWE-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type).

The vulnerability can be exploited remotely by an attacker with low privileges, requiring no user interaction and low attack complexity. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling attackers to upload arbitrary files to the server.

Advisories and details are available from VulDB entries (vuldb.com/?ctiid.295069, vuldb.com/?id.295069, vuldb.com/?submit.494567) and the vendor site (sourcecodester.com). A proof-of-concept exploit has been publicly disclosed via a GitHub Gist (gist.github.com/jmx0hxq/0ce2c97ca11b2423a203b5719438c9f8).

Details

CWE(s)
CWE-284 (Improper Access Control)
CWE-434 (Unrestricted Upload of File with Dangerous Type)

Affected Products

Vendor: remyandrade
Product: food menu manager
Version: 1.0
