CVE-2025-1590
Published: 23 February 2025
Description
A vulnerability was found in SourceCodester E-Learning System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/lesson/index.php of the component List of Lessons Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely.
Security Summary
CVE-2025-1590 is a critical vulnerability in SourceCodester E-Learning System 1.0, affecting an unknown function within the file /admin/modules/lesson/index.php of the List of Lessons Page component. The flaw enables unrestricted file upload, classified under CWE-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type). It carries a CVSS v3.1 base score of 4.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-02-23.
The vulnerability is remotely exploitable over the network with low attack complexity and requires no user interaction, but it demands high privileges (PR:H), such as administrative access. An attacker with these privileges can manipulate the affected endpoint to perform unrestricted uploads, potentially resulting in low impact to confidentiality, integrity, and availability (C:L/I:L/A:L).
Advisories and further details are available via VulDB references at https://vuldb.com/?ctiid.296574, https://vuldb.com/?id.296574, and https://vuldb.com/?submit.504045, along with the vendor site at https://www.sourcecodester.com/. No specific patch or mitigation guidance is detailed in the available information.
Details
- CWE(s)