CVE-2025-5840
Severity
6.9MEDIUM
EPSS
0.3%
top 45.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 7
Description
A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to initiate the attack remotely.
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N