CVE-2025-2606

CWE-284 — Improper Access Control CWE-434 — Unrestricted File Upload CWE-7044 documents4 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 70.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Best Church Management Software Mayurik Best Church Management Software

Timeline

PublishedMar 21

Description

A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/soulwinning_crud.php. The manipulation of the argument photo/photo1 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/best_church_management_software1.0

▶NVDmayurik/best_church_management_software1.0

🔴Vulnerability Details

CVEList

SourceCodester Best Church Management Software soulwinning_crud.php unrestricted upload↗2025-03-21

▶

GHSA

GHSA-xhqx-hw3w-p9q3: A vulnerability was found in SourceCodester Best Church Management Software 1↗2025-03-21

▶

📋Vendor Advisories

Microsoft

Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.↗2024-03-12

▶