VDB-329871 · CVE-2025-12201 · CNNVD-202510-3759

ajayrandhawa User-Management-PHP-MYSQL User Management Interface /admin/edit-user.php image ବିସ୍ତାରିତ ଅଧିକାର

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu ajayrandhawa User-Management-PHP-MYSQL ଯେପର୍ଯ୍ୟନ୍ତ fedcf58797bf2791591606f7b61fdad99ad8bff1 keessatti argameera. Kan miidhamte is hojii hin beekamne faayilii /admin/edit-user.php keessa kutaa User Management Interface keessa. Hojii jijjiirraa irratti gaggeeffame image gara ବିସ୍ତାରିତ ଅଧିକାର geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-434 geessa. Dadhabbii kana yeroo 10/25/2025 maxxanfameera. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2025-12201tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Odeeffannoon kun rolling release fayyadama, kanaaf tamsaasa itti fufinsa qabu ni kenna. Kanaaf, odeeffannoon version miidhamte fi kan haaromfame hin argamu. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

4 ଆଡାପ୍ଟେସନ୍ · 106 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 10/25/2025 08:30 AM	ଅଦ୍ୟତନ 1/3 10/27/2025 04:57 AM	ଅଦ୍ୟତନ 2/3 10/28/2025 10:32 PM	ଅଦ୍ୟତନ 3/3 01/15/2026 09:47 PM
software_vendor	ajayrandhawa	ajayrandhawa	ajayrandhawa	ajayrandhawa
software_name	User-Management-PHP-MYSQL	User-Management-PHP-MYSQL	User-Management-PHP-MYSQL	User-Management-PHP-MYSQL
software_version	<=fedcf58797bf2791591606f7b61fdad99ad8bff1	<=fedcf58797bf2791591606f7b61fdad99ad8bff1	<=fedcf58797bf2791591606f7b61fdad99ad8bff1	<=fedcf58797bf2791591606f7b61fdad99ad8bff1
software_rollingrelease	1	1	1	1
software_component	User Management Interface	User Management Interface	User Management Interface	User Management Interface
software_file	/admin/edit-user.php	/admin/edit-user.php	/admin/edit-user.php	/admin/edit-user.php
software_argument	image	image	image	image
vulnerability_cwe	CWE-434 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-434 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-434 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-434 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_pr	H	H	H	H
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/Lianhaorui/Report/blob/main/FileUpload.docx	https://github.com/Lianhaorui/Report/blob/main/FileUpload.docx	https://github.com/Lianhaorui/Report/blob/main/FileUpload.docx	https://github.com/Lianhaorui/Report/blob/main/FileUpload.docx
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/Lianhaorui/Report/blob/main/FileUpload.docx	https://github.com/Lianhaorui/Report/blob/main/FileUpload.docx	https://github.com/Lianhaorui/Report/blob/main/FileUpload.docx	https://github.com/Lianhaorui/Report/blob/main/FileUpload.docx
source_cve	CVE-2025-12201	CVE-2025-12201	CVE-2025-12201	CVE-2025-12201
cna_responsible	VulDB	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
software_type	Database Software	Database Software	Database Software	Database Software
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_au	M	M	M	M
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_pr	H	H	H	H
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	5.8	5.8	5.8	5.8
cvss2_vuldb_tempscore	5.0	5.0	5.0	5.0
cvss3_vuldb_basescore	4.7	4.7	4.7	4.7
cvss3_vuldb_tempscore	4.3	4.3	4.3	4.3
cvss3_meta_basescore	4.7	4.7	4.7	5.5
cvss3_meta_tempscore	4.3	4.5	4.5	5.4
cvss4_vuldb_bscore	5.1	5.1	5.1	5.1
cvss4_vuldb_btscore	2.0	2.0	2.0	2.0
advisory_date	1761343200 (10/25/2025)	1761343200 (10/25/2025)	1761343200 (10/25/2025)	1761343200 (10/25/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component User Management Interface. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component User Management Interface. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component User Management Interface. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_cna_av		N	N	N
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		H	H	H
cvss4_cna_ui		N	N	N
cvss4_cna_vc		L	L	L
cvss4_cna_vi		L	L	L
cvss4_cna_va		L	L	L
cvss4_cna_sc		N	N	N
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		5.1	5.1	5.1
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		H	H	H
cvss3_cna_ui		N	N	N
cvss3_cna_s		U	U	U
cvss3_cna_c		L	L	L
cvss3_cna_i		L	L	L
cvss3_cna_a		L	L	L
cvss3_cna_basescore		4.7	4.7	4.7
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		M	M	M
cvss2_cna_ci		P	P	P
cvss2_cna_ii		P	P	P
cvss2_cna_ai		P	P	P
cvss2_cna_basescore		5.8	5.8	5.8
cnnvd_id			CNNVD-202510-3759	CNNVD-202510-3759
cnnvd_name			User-Management-PHP-MYSQL 代码问题漏洞	User-Management-PHP-MYSQL 代码问题漏洞
cnnvd_hazardlevel			3	3
cnnvd_create			2025-10-28	2025-10-28
cnnvd_publish			2025-10-27	2025-10-27
cnnvd_update			2025-10-28	2025-10-28
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				H
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				7.2

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Might our Artificial Intelligence support you?

Check our Alexa App!