CVE-2025-1593
Published: 23 February 2025
Description
A vulnerability classified as critical has been found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /_hr_soft/assets/uploadImage/Profile/ of the component Profile Picture Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely.
Security Summary
CVE-2025-1593 is a vulnerability classified as critical in SourceCodester Best Employee Management System 1.0, affecting an unknown part of the file /_hr_soft/assets/uploadImage/Profile/ within the Profile Picture Handler component. It enables unrestricted upload through manipulation, remotely exploitable, with a CVSS v3.1 base score of 4.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L). The issue maps to CWE-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type).
Attackers require high privileges (PR:H) to exploit this remotely over the network with low complexity and no user interaction. Successful exploitation results in low impacts to confidentiality, integrity, and availability, potentially allowing unauthorized file uploads that could lead to further compromise depending on the uploaded content.
Advisories and additional details are available via VulDB at https://vuldb.com/?ctiid.296577, https://vuldb.com/?id.296577, and https://vuldb.com/?submit.505212, along with the vendor site at https://www.sourcecodester.com/.
Details
- CWE(s)