CVE-2025-10427 | THREATINT

Description

A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/operation/user.php. Executing manipulation of the argument website_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

Es wurde eine Schwachstelle in SourceCodester Pet Grooming Management Software 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei /admin/operation/user.php. Die Bearbeitung des Arguments website_image verursacht unrestricted upload. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit wurde der Öffentlichkeit bekannt gemacht und könnte verwendet werden.

PUBLISHED Reserved 2025-09-14 | Published 2025-09-15 | Updated 2025-09-15 | Assigner VulDB

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Unrestricted Upload

Improper Access Controls

Product status

1.0

affected

Timeline

2025-09-14:	Advisory disclosed
2025-09-14:	VulDB entry created
2025-09-14:	VulDB entry last update

Credits

joinia (VulDB User) reporter

References

vuldb.com/?id.323861 (VDB-323861 | SourceCodester Pet Grooming Management Software user.php unrestricted upload) vdb-entry technical-description

vuldb.com/?ctiid.323861 (VDB-323861 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.647463 (Submit #647463 | sourcecodester Pet grooming management software August 30, 2025 Unrestricted Upload) third-party-advisory

github.com/...management-software/petgrooming-upload-user.md exploit

www.sourcecodester.com/ product

cve.org (CVE-2025-10427)

nvd.nist.gov (CVE-2025-10427)

Download JSON