CVE-2025-5728
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nikhil-bhalerao | open_source_clinic_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5728 is an unrestricted file upload (CWE-434) in SourceCodester Open Source Clinic Management System 1.0 (listed above under the author's name, nikhil-bhalerao), in the file /manage_website.php. The handler does not validate the type, extension or content of the file submitted in the website_image parameter, so an attacker can upload a file of any type. If the directory the image is written to is served by the web server and configured to execute PHP, uploading a .php file and then requesting it gives remote code execution under the web server's account, compromising the confidentiality, integrity and availability of the system. [1, 2, 3]
How can this vulnerability impact me?
The worst case is remote code execution: an attacker uploads a web shell and runs commands on the host as the web server user, from which patient records can be read or altered, the application defaced or taken down, and the server used as a foothold into the rest of the network. The advisory states that the attack can be launched remotely; even if /manage_website.php sits behind the application's login, any account that can reach the page (or a session stolen from one) is enough to gain code execution, so the exposure is significant. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
First establish whether you run the affected application: search the web root for the file, for example `find /var/www -name manage_website.php`, and compare the installed version against 1.0. For external exposure of your own domains, the search-engine query inurl:manage_website.php shows which of your hosts expose the page to the internet. To detect exploitation, review the web server access log for POST requests to /manage_website.php from unexpected addresses or outside administrators' working hours (`grep 'POST /manage_website.php' /var/log/apache2/access.log`), then for requests to files under the upload directory that are not images, especially .php, .phtml or .phar files, often carrying a query string such as ?cmd=. On the filesystem, list the upload directory for anything that is not an image and look for PHP files with recent modification times. [3]
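The log review described above, as an added example that is not part of the BaseFortify page or the Clinic Management System project. It assumes the "combined" access-log format used by Apache and nginx, and that uploaded website images are stored under /uploads/ (an assumption; check the real path in the installed application). The log lines are constructed for the example.

```python
"""Hunt for CVE-2025-5728 exploitation in web server access logs.

Added example; not code from the BaseFortify page or from the Clinic
Management System. Assumptions: the "combined" log format used by Apache
and nginx, and that uploaded website images land under /uploads/.
"""
import re
from collections import defaultdict

# Prefix of the Apache/nginx "combined" format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

UPLOAD_ENDPOINT = "/manage_website.php"
# Executable file types requested under the upload directory (assumed to be /uploads/).
WEBSHELL_RE = re.compile(r"^/uploads/.*\.(?:php[0-9]?|phtml|phar)$", re.IGNORECASE)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def hunt(lines):
    """Scan log lines: POSTs to the upload endpoint per IP, and executable files fetched under /uploads/."""
    uploads = defaultdict(list)      # ip -> timestamps of POST /manage_website.php
    webshell_hits = []               # (ip, path, status) for executable files under /uploads/
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]   # drop the query string before matching
        if rec["method"] == "POST" and path == UPLOAD_ENDPOINT:
            uploads[rec["ip"]].append(rec["ts"])
        elif WEBSHELL_RE.match(path):
            webshell_hits.append((rec["ip"], path, rec["status"]))
    return dict(uploads), webshell_hits


def correlate(uploads, webshell_hits):
    """IPs that both posted to the upload page and then fetched an executable file under /uploads/."""
    return sorted({ip for ip, _path, _status in webshell_hits if ip in uploads})


# Constructed sample log: one attacker (203.0.113.5) and one legitimate admin (198.51.100.20).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2025:12:00:01 +0000] "GET /manage_website.php HTTP/1.1" 200 4312 "-" "python-requests/2.31"',
    '203.0.113.5 - - [10/Jun/2025:12:00:07 +0000] "POST /manage_website.php HTTP/1.1" 302 0 "-" "python-requests/2.31"',
    '203.0.113.5 - - [10/Jun/2025:12:00:09 +0000] "GET /uploads/shell.php?cmd=id HTTP/1.1" 200 55 "-" "python-requests/2.31"',
    '198.51.100.20 - - [10/Jun/2025:09:15:33 +0000] "POST /manage_website.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Jun/2025:09:15:34 +0000] "GET /uploads/logo.png HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:          # run against a real access log
            uploads, hits = hunt(fh)
    else:
        uploads, hits = hunt(SAMPLE_LOG)       # or the constructed sample
    for ip, path, status in hits:
        print(f"executable file requested under upload dir: {ip} {path} -> {status}")
    for ip in correlate(uploads, hits):
        print(f"LIKELY EXPLOITATION: {ip} posted to {UPLOAD_ENDPOINT} and then ran a PHP file")
```

Run it as `python3 hunt.py /var/log/apache2/access.log`. A legitimate administrator also POSTs to /manage_website.php, so the upload alone is not a signal; the correlation with a later request for a .php file under the upload directory is what separates exploitation from normal use. A 404 on that second request still matters: it shows someone probing for an uploaded shell even if the upload failed.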
What immediate steps should I take to mitigate this vulnerability?
No vendor patch is listed for this vulnerability, so the recommended course is to replace SourceCodester Open Source Clinic Management System 1.0 with a maintained alternative. Until then, reduce exposure in layers: restrict /manage_website.php at the web server to administrator IP addresses or an additional authentication step; disable script execution in the directory where website images are stored (in Apache, a per-directory `php_admin_flag engine off` under mod_php, or a `<FilesMatch "\.ph(p[0-9]?|tml|ar)$">` block with `Require all denied`; in nginx, a location block that returns 403 for .php paths under that directory); and, if you can modify the application, validate uploads by their content rather than the client-supplied name, accept only image types, store them under a server-generated random name, and ideally outside the web root so nothing uploaded is ever reachable as a script. [3]
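The upload validation outlined above, as an added example; this is not code from the Clinic Management System. It shows the checks the PHP handler behind /manage_website.php should apply to website_image, written in Python so the rules can be run stand-alone. The upload directory, the 2 MiB size limit and the set of accepted image types are assumptions, and the sample inputs are constructed.

```python
"""Content-based validation for an image upload such as website_image.

Added example, not code from the Clinic Management System. Assumptions:
a 2 MiB limit, PNG/JPEG/GIF as the only accepted types, and that the
caller supplies the upload directory.
"""
import os
import secrets

MAX_BYTES = 2 * 1024 * 1024  # assumed limit for a site logo

# Accepted types, keyed by magic bytes. The stored extension comes from this
# table, never from the client-supplied filename.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

# Extensions a web server may execute; rejected anywhere in the client name
# (shell.php.png, shell.php.) because some servers honour the first extension.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "phps"}


class UploadRejected(ValueError):
    """Raised with a reason when an upload fails validation."""


def sniff_image_type(data):
    """Return the extension for a recognised image signature, else None."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def validate_upload(client_name, data):
    """Return the server-chosen extension for the file, or raise UploadRejected."""
    if not data:
        raise UploadRejected("empty upload")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file larger than %d bytes" % MAX_BYTES)
    parts = client_name.lower().split(".")
    if any(part in EXECUTABLE_EXTS for part in parts[1:]):
        raise UploadRejected("executable extension in client filename")
    ext = sniff_image_type(data)
    if ext is None:
        raise UploadRejected("content is not a PNG, JPEG or GIF image")
    # A valid image header with PHP appended is a polyglot: the header is
    # harmless to the PHP interpreter and the code runs if the file is ever
    # executed. This check is defence in depth only; non-executable storage
    # is what actually prevents that.
    if b"<?php" in data.lower() or b"<?=" in data:
        raise UploadRejected("PHP tag embedded in image data")
    return ext


def upload_verdict(client_name, data):
    """Convenience wrapper: ("accept", ext) or ("reject", reason)."""
    try:
        return ("accept", validate_upload(client_name, data))
    except UploadRejected as exc:
        return ("reject", str(exc))


def store_upload(client_name, data, upload_dir):
    """Validate, then write under a random server-generated name; returns that name."""
    ext = validate_upload(client_name, data)
    name = "%s.%s" % (secrets.token_hex(16), ext)
    # O_EXCL: never overwrite an existing file, even if the random name collides.
    fd = os.open(os.path.join(upload_dir, name), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return name


# Constructed inputs: a minimal PNG header, a web shell, and a PNG/PHP polyglot.
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 17
WEB_SHELL = b"<?php system($_GET['cmd']); ?>"
POLYGLOT = PNG_HEADER + b"<?PHP echo shell_exec($_GET['c']); ?>"

if __name__ == "__main__":
    for name, blob in [("logo.png", PNG_HEADER), ("shell.php", WEB_SHELL),
                       ("shell.php.png", PNG_HEADER), ("logo.png", POLYGLOT)]:
        print(name, upload_verdict(name, blob))
```

In the PHP handler the equivalents are finfo_open()/getimagesize() for the content check, random_bytes() for the stored name, and move_uploaded_file() into a directory the web server is configured not to execute. Note what the checks deliberately ignore: the client's Content-Type header and original filename are attacker-controlled and carry no weight here beyond being a reason to reject.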