CVE-2025-6161
BaseFortify
Publication date: 2025-06-17
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fabian | simple_food_ordering_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6161 is a critical arbitrary file upload vulnerability in the Simple Food Ordering System version 1.0, specifically in the /editproduct.php file. The vulnerability occurs because the application fails to properly validate and sanitize the uploaded file's type, extension, content, and filename in the 'photo' parameter. This allows attackers to upload malicious files, such as webshells, without restriction or authentication. Once uploaded, these files can be used to execute arbitrary commands on the server, potentially leading to full server compromise and unauthorized access. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized remote code execution, full server compromise, and unauthorized access to sensitive data. Attackers can upload malicious files that allow them to execute commands on the server, overwrite existing files, or place files in unintended directories. This compromises the confidentiality, integrity, and availability of the affected system, potentially leading to data breaches, service disruption, and loss of control over the server. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious file uploads to the /editproduct.php endpoint, especially files uploaded via the 'photo' parameter. One detection method is to look for unusual or executable file types being uploaded, such as PHP files or webshells. Using web server logs, you can search for POST requests to /editproduct.php with multipart/form-data content. Additionally, Google dorking with queries like "inurl:editproduct.php" can help identify vulnerable targets externally. For local detection, commands like 'grep' on server logs can be used, e.g., grep 'POST /editproduct.php' /var/log/apache2/access.log or equivalent. Also, scanning the upload directories for unexpected files (e.g., *.php) can help detect exploitation. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Validating uploaded file types by checking extensions and MIME types, allowing only necessary file types. 2) Verifying file content server-side using methods like magic number checks. 3) Renaming uploaded files to random names to prevent user-controlled filenames. 4) Storing uploaded files outside the web root or in directories with restricted permissions. 5) Setting proper file permissions, such as read-only for the web server, to prevent execution if not needed. If possible, replace the affected product with a secure alternative, as no known patches or countermeasures are currently reported. [2, 3]