CVE-2025-45997

HIGH Year: 2025
CVSS v3 Score
8.6
High
Weakness Type
CWE-434
View all →

Vulnerability Description

Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg.

Related Vulnerabilities

CVE-2020-3436

HIGH
CVSS:8.6(High)

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arb...

CWE-4342020

CVE-2021-21355

HIGH
CVSS:8.6(High)

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime...

CWE-4342021

CVE-2021-39141

HIGH
CVSS:8.5(High)

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...

CWE-4342021

CVE-2021-39145

HIGH
CVSS:8.5(High)

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...

CWE-4342021

CVE-2021-39146

HIGH
CVSS:8.5(High)

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...

CWE-4342021

CVE-2021-39147

HIGH
CVSS:8.5(High)

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...

CWE-4342021