CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Description
A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to initiate the attack remotely.
Analysis
Critical unrestricted file upload vulnerability in SourceCodester Client Database Management System 1.0, affecting the /user_update_customer_order.php endpoint. An unauthenticated remote attacker can upload arbitrary files by manipulating the 'uploaded_file' parameter, potentially leading to remote code execution, data integrity compromise, and service disruption. The vulnerability carries a CVSS 7.3 score and poses moderate-to-high real-world risk, since the attack is unauthenticated, network-reachable and low in complexity.
Technical Context
The vulnerability stems from improper input validation in file upload handling, classified under CWE-284 (Improper Access Control – Permissions, Privileges, and Other Access Controls). The affected file /user_update_customer_order.php processes the 'uploaded_file' parameter without adequate verification of file type, size, destination, or permissions. The .php extension of the affected file indicates a PHP-based web application exposed to arbitrary file upload. The root cause is the absence of server-side validation mechanisms: file extension whitelisting, MIME type verification, isolation of stored files from the web root, and access control checks. SourceCodester projects are open-source PHP/MySQL applications, frequently deployed on shared hosting, which makes them targets for opportunistic attackers.
Affected Products
- product: SourceCodester Client Database Management System
  version: 1.0
  affected_component: /user_update_customer_order.php
  vulnerability_type: Unrestricted File Upload
  cpe: cpe:2.3:a:sourcecodester:client_database_management_system:1.0:*:*:*:*:*:*:*
  attack_vector: Network (AV:N)
  notes: This is a legacy or older version; check for any patches or updates from SourceCodester. The product is commonly found in SMB deployments and educational environments.
Remediation
- action: Immediate - Apply Vendor Patch
  details: Check SourceCodester official repositories and vendor advisories for patched versions. Upgrade to the latest available version beyond 1.0 that includes file upload validation fixes.
- action: Workaround - Implement Web Application Firewall (WAF) Rules
  details: Deploy WAF rules to block suspicious file uploads to /user_update_customer_order.php. Restrict uploads by file extension (whitelist only safe types: .pdf, .jpg, .png, .docx) and MIME type validation.
- action: Mitigation - Server-Level Access Control
  details: Configure the web server to prevent execution of scripts in the upload directory (e.g., disable PHP execution in upload folders via .htaccess or nginx config). Move uploaded files outside the web root.
- action: Mitigation - File Validation
  details: Implement server-side validation: verify the file extension against a whitelist, validate MIME types, enforce file size limits, rename uploaded files with random names, and store them outside the web-accessible directory.
- action: Monitoring - Enhanced Logging
  details: Enable detailed logging of all upload attempts to /user_update_customer_order.php. Monitor for suspicious file types (e.g., .php, .exe, .sh) being uploaded or accessed.
- action: Defense-in-Depth - Authentication & Authorization
  details: Although the vulnerability is pre-auth, adding authentication and proper authorization checks to the upload endpoint provides additional defense layers.
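The "File Validation" and "Server-Level Access Control" items above, combined into one hardened upload handler. This is an added example, not SourceCodester's code; the constant UPLOAD_DIR (assumed to lie outside the document root), the 5 MiB limit and the helper name store_upload are assumptions, while the allow-listed extensions and the 'uploaded_file' parameter are the ones named in this advisory.

```php
<?php
declare(strict_types=1);

// Assumption: a directory that the web server does not serve or execute from.
const UPLOAD_DIR = '/var/app-data/uploads';
const MAX_BYTES  = 5 * 1024 * 1024;          // assumed size cap
const ALLOWED = [                            // extension => MIME type expected in the bytes
    'pdf'  => 'application/pdf',
    'jpg'  => 'image/jpeg',
    'png'  => 'image/png',
    'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
];

// Validate one $_FILES entry and store it under a random name outside the web root.
// Returns the stored filename; throws RuntimeException on any rejection.
function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload missing or failed');
    }
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('rejected: size or origin');
    }
    // Only the last extension counts, so "shell.php.jpg" is judged as "jpg" below
    // and then has to pass the content check as a real JPEG.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('rejected: extension not allow-listed');
    }
    // Sniff the actual bytes; the client-supplied Content-Type is never trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('rejected: content does not match extension');
    }
    // Random name drops the client-controlled filename entirely (no traversal, no
    // original name reaching disk); chmod keeps the file non-executable.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . DIRECTORY_SEPARATOR . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);
    return $stored;
}

try {
    $name = store_upload($_FILES['uploaded_file'] ?? []);
    error_log('upload accepted: ' . $name);   // served later via a download script
} catch (RuntimeException $e) {
    error_log('upload rejected from ' . ($_SERVER['REMOTE_ADDR'] ?? '?') . ': ' . $e->getMessage());
    http_response_code(400);
}
```

The error_log lines give the "Enhanced Logging" item its data: every rejection records the client address and the reason, so repeated rejections of script-type content against this endpoint stand out in the log.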
EUVD-2025-17378