CVE-2025-14195
BaseFortify
Publication date: 2025-12-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| carmelogarcia | employee_profile_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw in the Employee Profile Management System 1.0, specifically in the file /profiling/add_file_query.php. It involves manipulation of the per_file argument, which allows an attacker to upload files without restriction. This can be exploited remotely and the exploit code has been made public.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to upload arbitrary files to the system remotely, potentially leading to unauthorized access, data compromise, or further exploitation of the system. This can result in loss of data integrity, confidentiality, and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. However, given that the vulnerability allows remote attackers to upload and execute arbitrary code, leading to full server compromise and potential data theft, it can be inferred that this flaw poses a significant risk to the confidentiality, integrity, and availability of sensitive data. Such risks could lead to non-compliance with data protection regulations that require safeguarding personal and sensitive information. Nonetheless, no direct statements or analysis regarding compliance impact are present in the provided texts. [1, 2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable file upload endpoint `/profiling/add_file_query.php` and verifying if arbitrary files, especially PHP scripts, can be uploaded and executed. One method is to attempt uploading a test PHP file (e.g., `shell.php`) containing simple PHP code like `<?php echo 'UPLOAD_OK'; ?>` via the upload form or using curl. After uploading, accessing the uploaded file URL (e.g., `http://localhost/Profiling/uploads/shell.php`) should be tested to see if the PHP code executes. Additionally, Google dorking can be used to identify vulnerable targets with the query `inurl:profiling/add_file_query.php`. Example curl command to test upload: ```curl -i -X POST "http://localhost/Profiling/add_file_query.php" -F "per_name=1" -F "[email protected];type=application/x-php" -F "upload=Save"``` [2, 4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Implementing a strict allow-list for file extensions, permitting only safe types such as `.pdf`, `.docx`, `.jpg`, `.png` and rejecting dangerous extensions like `.php`, `.phtml`, `.php3`, `.phar`. 2) Validating MIME types and file content server-side using functions like `finfo_file()`. 3) Storing uploaded files outside the web root and serving them via controlled download scripts that do not execute code. 4) Randomizing stored filenames instead of using the original filename to prevent overwriting and guessing. 5) Disabling script execution in the uploads directory via web server configuration, for example by using `.htaccess` or equivalent to turn off PHP execution in the uploads folder. These steps reduce the risk of arbitrary code execution through uploaded files. [2]