Skip to main content

Client Database Management System CVE-2025-4909

MEDIUM
Exposure of Information Through Directory Listing (CWE-548)
2025-05-19 cna@vuldb.com
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:42 vuln.today
PoC Detected
May 28, 2025 - 13:08 vuln.today
Public exploit code
CVE Published
May 19, 2025 - 04:15 nvd
MEDIUM 6.9

DescriptionCVE.org

A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-548. A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Affected products include: Lerouxyxchire Client Database Management System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-5840 HIGH POC
7.3 Jun 07

Critical unrestricted file upload vulnerability in SourceCodester Client Database Management System 1.0, affecting the /

CVE-2025-46191 CRITICAL
9.8 May 09

Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthen

CVE-2025-46192 CRITICAL
9.8 May 09

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the o

CVE-2025-46190 CRITICAL
9.8 May 09

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the

CVE-2025-14885 LOW POC
2.1 Dec 18

Unrestricted file upload in SourceCodester Client Database Management System 1.0 via the /user_leads.php endpoint in the

CVE-2025-63711 HIGH POC
7.1 Nov 10

A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodester Client Database Management System 1.0 allows an

CVE-2025-5299 MEDIUM POC
6.9 May 28

A vulnerability was found in SourceCodester Client Database Management System 1.0. Rated medium severity (CVSS 6.9), thi

CVE-2025-5207 MEDIUM POC
5.1 May 26

A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.

CVE-2025-5002 MEDIUM POC
6.9 May 20

A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. Ra

CVE-2025-4924 MEDIUM
6.9 May 19

A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. Ra

CVE-2025-4923 MEDIUM POC
6.9 May 19

A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.

CVE-2025-46193 CRITICAL
9.8 May 09

SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in

Share

CVE-2025-4909 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy