CVE-2025-12201
BaseFortify
Publication date: 2025-10-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ajayrandhawa | user-management-php-mysql | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12201 is an unrestricted file upload vulnerability in the ajayrandhawa User-Management-PHP-MYSQL application, specifically in the /admin/edit-user.php file of the User Management Interface. The vulnerability arises because the server does not properly validate uploaded files: it only superficially checks file extensions on the client side but does not verify the actual file type or content on the server side. This allows an attacker, after authenticating with sufficient privileges, to upload arbitrary files, potentially malicious, which can compromise the system. Uploaded files are also not renamed, allowing overwriting or predictable access. The vulnerability can be exploited remotely and a proof-of-concept exploit is publicly available. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to upload malicious files to your system, which can lead to compromise of confidentiality, integrity, and availability of your application and underlying system. Attackers could execute arbitrary code, overwrite important files, or gain further unauthorized access. Since the vulnerability requires authentication with elevated privileges, it could be exploited by insiders or attackers who have obtained such credentials. The exploit is easy to perform and publicly available, increasing the risk of exploitation. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of the vulnerable endpoint /admin/edit-user.php in the ajayrandhawa User-Management-PHP-MYSQL application. Attackers may use Google dorking with queries like "inurl:admin/edit-user.php" to find vulnerable targets. On your system, you can check for the existence of this file and test if the 'image' argument allows unrestricted file uploads by attempting to upload files with different extensions or contents beyond JPG/JPEG. Network monitoring for suspicious file upload attempts to this endpoint may also help detect exploitation attempts. Specific commands are not provided, but searching for the endpoint and testing upload functionality manually or via scripts is recommended. [2, 1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the /admin/edit-user.php upload functionality, especially for untrusted users. Since no official patches or countermeasures are available and the vendor has not responded, consider replacing the affected software with an alternative product. Additionally, implement strict server-side validation of uploaded files, including verifying file types and contents, and renaming uploaded files to randomized filenames to prevent overwriting or predictable access. Monitoring and restricting administrative access and applying network-level protections can also help reduce risk. [2, 1]