code-projects Simple Food Ordering System addproduct.php unrestricted upload_CVE-2025-12378

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addproduct.php. Performing manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

Basic Information

ID CVE-2025-12378

Source VulDB

Published Oct 28, 2025 at 05:32

Affected Product

Vendor code-projects

Product Simple Food Ordering System

Version 1.0

Affected Versions code-projects Simple Food Ordering System 1.0

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addproduct.php. Performing manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.",
    "published": "2025-10-28T05:32:05.752Z",
    "modified": "2025-10-28T05:32:05.752Z",
    "type": "cve",
    "title": "code-projects Simple Food Ordering System addproduct.php unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.330214\nhttps://vuldb.com/?ctiid.330214\nhttps://vuldb.com/?submit.674562\nhttps://github.com/tinggeogle01-lang/cve/issues/1\nhttps://code-projects.org/",
    "id": "CVE-2025-12378",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "code-projects Simple Food Ordering System 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Simple Food Ordering System",
    "version": "1.0",
    "vendor": "code-projects",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}