CRITICAL🇵🇱 Wersja polska

CVE-2025-46191

CVSS 9.8v3.1pub. 2025-05-09upd. 2025-05-22

Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploaded_file_cancelled field. Due to the absence of proper file extension checks, MIME type validation, and authentication, attackers can upload executable PHP files to a web-accessible directory (/files/). This allows them to execute arbitrary commands remotely by accessing the uploaded script, resulting in full Remote Code Execution (RCE) without authentication.

🤖 AI Analysis
How it works

The attacker sends an HTTP request to the user_payment_update.php endpoint, uploading a malicious PHP file through the uploaded_file_cancelled form field. The application does not verify the file extension or MIME type, nor does it require authentication. The uploaded file is placed in the publicly accessible /files/ directory on the web server. The attacker can then directly invoke this file via a browser or HTTP request, resulting in the execution of arbitrary system commands in the context of the server.

Impact

Attacker gains full control over the server by executing arbitrary code (RCE) without requiring authentication, which may lead to data theft, system takeover, backdoor installation, or further lateral movement in the network.

Mitigation & patch

Apply patches available from the manufacturer in accordance with the references. As a temporary measure, it is recommended to restrict access to the user_payment_update.php endpoint at the firewall or web server level, disable the ability to execute PHP scripts in the /files/ directory, and implement file extension and MIME type validation for uploaded files along with mandatory authentication for all file upload operations.

Who is affected

SourceCodester Client Database Management System version 1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Lerouxyxchire Client Database Management System

    APP
    Lerouxyxchire
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-46188CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Client Database Management System 1.0

CVE-2025-46189CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Client Database Management System 1.0

CVE-2025-46190CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Client Database Management System 1.0

CVE-2025-46192CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Client Database Management System 1.0

CVE-2025-46193CRITICAL9.8PL ✓ten sam produkt

RCE poprzez Arbitrary File Upload w SourceCodester Client Database Management System 1.0