CVE-2025-10081
Published
CVSS v3
4.7
MEDIUM
CVSS v2
5.8
MEDIUM
Affected
1
PROJECT
Description
A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument website_image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
An authenticated attacker can upload arbitrary files, including PHP code, instead of restricted image files. This results in Remote Code Execution (RCE) on the hosting server.
GitHub