CVE-2025-1593

CWE-284Improper Access ControlCWE-434Unrestricted File Upload4 documents4 sources
Severity
5.1MEDIUM
EPSS
0.0%
top 91.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Best Employee Management SystemMayurik Best Employee Management System
Timeline
PublishedFeb 23
Latest updateOct 23

Description

A vulnerability classified as critical has been found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /_hr_soft/assets/uploadImage/Profile/ of the component Profile Picture Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SourceCodester Best Employee Management System Profile Picture unrestricted upload2025-02-23
GHSA
GHSA-4qhr-cpgg-2jgg: A vulnerability classified as critical has been found in SourceCodester Best Employee Management System 12025-02-23

💬Community

1
Bugzilla
CVE-2025-62813 lz4: LZ4 null handling error2025-10-23
CVE-2025-1593 (MEDIUM CVSS 5.1) | A vulnerability classified as criti | cvebase.io