CVE-2025-1606

CWE-200Information ExposureCWE-284Improper Access Control3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 70.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Best Employee Management SystemMayurik Best Employee Management System
Timeline
PublishedFeb 24

Description

A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SourceCodester Best Employee Management System backups.php information disclosure2025-02-24
GHSA
GHSA-hqvq-4fpg-fwc7: A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 12025-02-24
CVE-2025-1606 (MEDIUM CVSS 5.3) | A vulnerability classified as probl | cvebase.io