CVE-2025-14885

CWE-284Improper Access ControlCWE-434Unrestricted File Upload3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.0%
top 85.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Client Database Management SystemLerouxyxchire Client Database Management System
Timeline
PublishedDec 18

Description

A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SourceCodester Client Database Management System Leads Generation user_leads.php unrestricted upload2025-12-18
GHSA
GHSA-627j-54m3-3qr2: A flaw has been found in SourceCodester Client Database Management System 12025-12-18
CVE-2025-14885 (MEDIUM CVSS 5.3) | A flaw has been found in SourceCode | cvebase.io