Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/11 12:15 a.m.23 views

CVE-2025-46191

Arbitrary File Upload in userpaymentupdate.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploadedfilecancelled field. Due to the absence of proper file extension checks, MIME type validation, and authentication, attacker...

9.8CVSS8.6AI score0.00977EPSS
Exploits0References1
Circl
Circl
added 2025/05/09 5:25 p.m.17 views

CVE-2025-46191

creationtimestamp| type| source ---|---|--- 2025-05-09 17:25:45+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15782 2025-05-09 18:32:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lor2rtmsuu2r 2025-05-09 20:23:18+00:00| seen|...

9.8CVSS4.8AI score0.00977EPSS
Exploits0References3
NVD
NVD
added 2025/05/09 5:15 p.m.25 views

CVE-2025-46191

Arbitrary File Upload in userpaymentupdate.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploadedfilecancelled field. Due to the absence of proper file extension checks, MIME type validation, and authentication, attacker...

9.8CVSS0.00977EPSS
Exploits0References2
CVE
CVE
added 2025/05/09 12:0 a.m.70 views

CVE-2025-46191

CVE-2025-46191 affects SourceCodester Client Database Management System 1.0, where an unauthenticated user can upload files through the uploaded_file_cancelled field in the file upload routine in user_payment_update.php . The vulnerability stems from inadequate validation: no proper file extensio...

9.8CVSS8.7AI score0.00977EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder