CVE-2025-6900
BaseFortify
Publication date: 2025-06-30
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| code-projects | library_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6900 is a critical vulnerability in the code-projects Library System version 1.0, specifically in the /add-book.php file. It arises from improper validation of the 'image' parameter, allowing attackers to upload malicious files such as PHP webshells without restriction. This unrestricted file upload enables remote attackers to execute arbitrary code on the server by uploading and running malicious scripts, leading to full system compromise. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can lead to full remote compromise of the affected system. Attackers can upload malicious PHP scripts (e.g., AntSword webshells) that allow them to execute system commands, browse the file system, steal sensitive data such as database configuration and user information, escalate privileges, move laterally within the network, and maintain persistent access by uploading additional backdoors. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by searching for suspicious HTTP POST requests to /add-book.php that include file uploads with PHP extensions or payloads containing patterns like 'eval(base64_decode' or POST parameters starting with 'a=ZXZ' (AntSword's Base64 prefix). Network detection can use Google Dorking with the query "inurl:add-book.php" to identify vulnerable targets. On the server, commands to find uploaded PHP files in the web-accessible upload directory (e.g., /uploads/) include: `find /path/to/webroot/uploads/ -type f -name '*.php'` and to check for suspicious content inside files: `grep -r --include='*.php' 'eval(base64_decode' /path/to/webroot/uploads/`. Additionally, monitoring web server logs for POST requests to /add-book.php with unusual file types or payloads can help detect exploitation attempts. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include blocking uploads of PHP scripts at the web server level using directives such as Apache's `<FilesMatch "\.(php|php3|php5|phtml)$"> Require all denied </FilesMatch>`. Implement Web Application Firewall (WAF) rules to detect and block AntSword-specific payloads, for example, those containing 'eval(base64_decode' or POST parameters starting with 'a=ZXZ'. Additionally, restrict execution permissions in the upload directory to prevent execution of uploaded scripts. It is also recommended to replace the affected product with a secure alternative as no full countermeasures are currently available. [1, 3]
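The detection and mitigation answers above describe two defender-side checks: finding script files that have already landed in the web-accessible upload directory, and refusing non-image uploads at the application boundary. The following is an added example (not BaseFortify's page content and not code from the code-projects Library System) that implements both in Python: a scanner that mirrors the page's `find`/`grep` commands and additionally flags double extensions such as `x.php.jpg` and PHP open tags in files with innocent extensions, and an allowlist validator of the kind the `image` parameter was missing. The directory layout, file names and file contents are constructed sample data for the demonstration; the upload path on a real install must be taken from that install.

```python
"""Added example (not BaseFortify's or code-projects' code): defender-side
helpers for CVE-2025-6900-style unrestricted uploads.

scan_upload_dir()   - find files in an upload directory that look like scripts
is_acceptable_image() - the allowlist + magic-bytes check an image upload needs
All paths and sample files below are constructed for the demonstration."""
import re
import tempfile
from pathlib import Path

# Extensions the page's Apache FilesMatch rule denies, plus common PHP variants
PHP_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
# Content pattern named in the page's detection guidance
SUSPICIOUS_CONTENT = re.compile(rb"eval\s*\(\s*base64_decode")
# A PHP open tag in a file that is supposed to be an image is a finding on its own
PHP_OPEN_TAG = re.compile(rb"<\?php|<\?=")


def scan_upload_dir(root):
    """Return a sorted list of (relative_path, reason) for files that look like
    uploaded scripts. Any extension in the chain counts (shell.php.jpg), and
    files whose bytes contain the eval/base64 pattern or a PHP open tag are
    flagged regardless of their extension."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel = str(path.relative_to(root))
        suffixes = {s.lower() for s in path.suffixes}
        if suffixes & PHP_EXTENSIONS:
            findings.append((rel, "php-extension"))
            continue
        data = path.read_bytes()
        if SUSPICIOUS_CONTENT.search(data):
            findings.append((rel, "eval-base64-content"))
        elif PHP_OPEN_TAG.search(data):
            findings.append((rel, "php-open-tag"))
    return findings


# Allowlisted image types and the leading bytes each must start with
IMAGE_SIGNATURES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}


def is_acceptable_image(filename, data):
    """Return True only if the name has exactly one allowlisted image extension,
    the bytes start with that type's signature, and no PHP tag or eval/base64
    pattern is embedded in the file body."""
    suffixes = Path(filename).suffixes
    if len(suffixes) != 1:          # rejects shell.php.jpg and bare names
        return False
    sig = IMAGE_SIGNATURES.get(suffixes[0].lower())
    if sig is None or not data.startswith(sig):
        return False
    return (PHP_OPEN_TAG.search(data) is None
            and SUSPICIOUS_CONTENT.search(data) is None)


def build_sample_upload_dir():
    """Create a temporary directory of constructed sample files: one real-looking
    PNG, one inert file carrying the eval/base64 pattern, one double-extension
    name, one plain-text file with a PHP open tag, and one .php file."""
    root = tempfile.mkdtemp(prefix="uploads-")
    Path(root, "cover.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    Path(root, "cache.dat").write_bytes(b"<?php /* constructed sample */ eval(base64_decode(X)); ?>")
    Path(root, "cover.php.jpg").write_bytes(b"\xff\xd8\xff\xe0 not really a jpeg")
    Path(root, "notes.txt").write_bytes(b"<?php echo 'constructed sample'; ?>")
    Path(root, "shell.php").write_bytes(b"<?php echo 'constructed sample'; ?>")
    return root


if __name__ == "__main__":
    sample_root = build_sample_upload_dir()
    for rel, reason in scan_upload_dir(sample_root):
        print(f"{reason:22} {rel}")
    print("cover.png accepted:", is_acceptable_image("cover.png", Path(sample_root, "cover.png").read_bytes()))
```

Run the file directly to see the scanner report the four constructed findings and accept only the genuine PNG. The scanner is read-only on purpose: on a real host, run it against the actual upload directory and treat every finding as an incident artifact to preserve before cleanup, since the file's timestamps and contents are evidence of when and how the upload happened.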