SourceCodester Pet Management System Unrestricted File Upload Vulnerability Leading to Remote Code Execution

Vulnerability

A vulnerability allowing unrestricted file uploads has been identified in SourceCodester Pet Management System version 1.0. The issue resides in the admin/profile.php file, where the website_image parameter can be manipulated to upload arbitrary files, including PHP scripts. This flaw allows authenticated users to execute remote code on the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where the application is hosted.

Reproduction

To reproduce this vulnerability, an authenticated user must upload a file through the Profile Update form, specifically using the website_image parameter. The uploaded file can contain PHP code, which will be executed on the server.
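
A server-side check that closes this class of flaw for the website_image field is sketched below. This is an added example, not code from the Pet Management System; the function name, storage path and size limit are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hardened handling for an image upload field.
// Assumptions (not from the application's source): the storage directory,
// the size limit and the function name are hypothetical.
const UPLOAD_DIR = '/var/www/uploads/site-images'; // hypothetical; serve as static files only
const MAX_BYTES  = 2 * 1024 * 1024;

// MIME type detected from file content => extension assigned by the server.
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_website_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Unexpected file size');
    }

    // Decide the type from the bytes, never from the client-supplied
    // filename or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted');
    }

    // Server-generated name with an allowlisted extension: the original
    // filename (for example one ending in .php) never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

// Usage inside the form handler:
// $storedName = store_website_image($_FILES['website_image']);
```

The content check alone is not sufficient, since a valid image can still carry embedded PHP; the upload directory should also be configured so the web server never passes its files to the PHP interpreter.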

Added: Sep 8, 2025, 4:17 AM
Updated: Sep 8, 2025, 4:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.