CVE Details
Basic Information
| Title | SourceCodester Simple Company Website SystemSettings.php unrestricted upload |
|---|---|
| Type | cve |
| Published | 2025-06-29T21:02:05.893Z |
| Last Seen |
Product Information
| Vendor | SourceCodester |
|---|---|
| Product | Simple Company Website |
| Version | 1.0 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical vulnerability in SourceCodester’s Simple Company Website 1.0 allows remote attackers to upload arbitrary files due to improper validation in SystemSettings.php. This could lead to code execution and server compromise. The issue is considered critical due to its potential impact. |
|---|---|
| AI Severity | High |
| Vendor | SourceCodester |
| Product | Simple Company Website |
| Affected Version | 1.0 |
Affected Products
- SourceCodester Simple Company Website 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-434, CWE-284 |
| Bulletin Family |
References
Description
A vulnerability classified as critical was found in SourceCodester Simple Company Website 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.