CVE-2025-2651

CWE-548CWE-552Files Accessible to External PartiesCWE-835CWE-908Use of Uninitialized Resource5 documents5 sources
Severity
6.9MEDIUM
EPSS
0.2%
top 53.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Online Eyewear ShopOretnom23 Online Eyewear Shop
Timeline
PublishedMar 23
Latest updateJul 23

Description

A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. Multiple sub-directories are affected.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

3
GHSA
ImageMagick has XMP profile write that triggers hang due to unbounded loop2025-07-23
CVEList
SourceCodester Online Eyewear Shop admin exposure of information through directory listing2025-03-23
GHSA
GHSA-4pjm-2jf5-8h3g: A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 12025-03-23
CVE-2025-2651 (MEDIUM CVSS 6.9) | A vulnerability | cvebase.io