CVE-2025-45997 — Unrestricted File Upload in Web-based Pharmacy Product Management System

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

8.6HIGHNVD

EPSS

0.7%

top 27.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Senior-walter Web-based Pharmacy Product Management System

Timeline

PublishedMay 28

Description

Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:LExploitability: 3.9 | Impact: 4.7

Affected Packages1 packages

▶NVDsenior-walter/web-based_pharmacy_product_management_system1.0

🔴Vulnerability Details

CVEList

CVE-2025-45997: Sourcecodester Web-based Pharmacy Product Management System v↗2025-05-28

▶

GHSA

GHSA-9hcm-55mc-5fmj: Sourcecodester Web-based Pharmacy Product Management System v↗2025-05-28

▶