CVE-2025-1593 MEDIUM

CVE-2025-1593: SourceCodester Best Employee Management System Profile Picture unrestricted upload

Vendor Sourcecodester
Product Best Employee Management System
Weakness CWE-434 · Unrestricted file upload
Published February 23, 2025
Last update February 24, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as critical has been found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /_hr_soft/assets/uploadImage/Profile/ of the component Profile Picture Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely.

Key dates

02Disclosure timeline

February 23, 2025 CVE published
February 24, 2025 Record updated

Related vulnerabilities

04Related CVE