4 matches found
CVE-2025-46191
Arbitrary File Upload in userpaymentupdate.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploadedfilecancelled field. Due to the absence of proper file extension checks, MIME type validation, and authentication, attacker...
CVE-2025-46191
creationtimestamp| type| source ---|---|--- 2025-05-09 17:25:45+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15782 2025-05-09 18:32:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lor2rtmsuu2r 2025-05-09 20:23:18+00:00| seen|...
CVE-2025-46191
Arbitrary File Upload in userpaymentupdate.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploadedfilecancelled field. Due to the absence of proper file extension checks, MIME type validation, and authentication, attacker...
CVE-2025-46191
CVE-2025-46191 affects SourceCodester Client Database Management System 1.0, where an unauthenticated user can upload files through the uploaded_file_cancelled field in the file upload routine in user_payment_update.php . The vulnerability stems from inadequate validation: no proper file extensio...