CVE-2025-66802
Remote Code Execution in Sourcecodester Covid-19 Contact Tracing System
Publication date: 2026-01-12
Last updated on: 2026-01-12
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sourcecodester | covid-19_contact_tracing_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-66802 is a critical Remote Code Execution (RCE) vulnerability in Sourcecodester Covid-19 Contact Tracing System version 1.0. It occurs because the application allows remote attackers to upload malicious PHP files disguised as user images without proper server-side validation. This enables attackers to execute arbitrary PHP code on the server remotely, gaining control over the system without needing any privileges or user interaction. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to a full system compromise by allowing attackers to execute arbitrary code with the privileges of the web server process. Potential impacts include unauthorized data access, modification of application behavior, service disruption, and complete loss of confidentiality, integrity, and availability of the affected system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on monitoring the file upload functionality for suspicious files, especially PHP files disguised as images. You can check the upload directories for unexpected PHP files or files with executable extensions. Commands to find such files on the server include: `find /path/to/upload/directory -type f \( -name "*.php" -o -name "*.php5" -o -name "*.phtml" \)` to locate potentially malicious uploaded files. Additionally, monitoring web server logs for unusual POST requests to the upload endpoint or reverse shell connection attempts can help detect exploitation attempts. [2]
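The `find` command above matches on file extension only. As an added example (not from the advisory or the vendor), the script below extends that check to also flag PHP open tags inside any file and image-named files that lack an image signature; the function names, reason labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage an upload directory for files that could run as PHP.
# Assumption: file names contain no newline characters.

# Succeeds if FILE starts with a JPEG, PNG or GIF signature.
is_image_magic() {
    _sig=$(od -An -tx1 -N 8 "$1" | tr -d ' \n')
    case "$_sig" in
        ffd8ff*|89504e470d0a1a0a|474946383761*|474946383961*) return 0 ;;
    esac
    return 1
}

# Prints "REASON<TAB>path" for every suspicious file under DIR, sorted.
scan_uploads() {
    find "$1" -type f | while IFS= read -r f; do
        lower=$(printf '%s' "${f##*/}" | tr '[:upper:]' '[:lower:]')
        case "$lower" in
            # Script extension, including double extensions such as x.php.jpg
            *.php|*.php[0-9]|*.phtml|*.phar|*.php.*|*.phtml.*)
                printf 'SCRIPT_EXT\t%s\n' "$f"; continue ;;
        esac
        # PHP open tag in the content, whatever the extension claims
        if LC_ALL=C grep -qiE '<\?(php|=)' "$f"; then
            printf 'PHP_TAG\t%s\n' "$f"; continue
        fi
        case "$lower" in
            # Image name but no image signature in the first bytes
            *.jpg|*.jpeg|*.png|*.gif)
                is_image_magic "$f" || printf 'BAD_MAGIC\t%s\n' "$f" ;;
        esac
    done | sort
}

# Constructed sample files for a self-contained run; prints the directory.
make_sample_dir() {
    d=$(mktemp -d)
    printf '\211PNG\r\n\032\n' > "$d/avatar.png"       # valid PNG signature
    printf '<?php echo 1; ?>' > "$d/shell.php"
    printf 'GIF89a<?php echo 1; ?>' > "$d/photo.gif"   # tag behind a GIF header
    printf 'plain text' > "$d/note.jpg"
    printf 'x' > "$d/Upper.PHTML"
    printf '%s\n' "$d"
}

# Usage: sh scan.sh DIR   (or --demo to scan the constructed samples)
if [ "${1:-}" = "--demo" ]; then set -- "$(make_sample_dir)"; fi
if [ -n "${1:-}" ]; then scan_uploads "$1"; fi
```

A `PHP_TAG` hit on a large binary image can be a coincidental byte sequence, so treat it as a lead to inspect rather than proof of compromise.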
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing strict server-side validation of uploaded files to restrict allowed file extensions and MIME types, ensuring that only safe file types (e.g., images without executable code) are accepted. Store uploaded files outside the web root to prevent direct execution. Disable execution permissions on upload directories to prevent execution of uploaded scripts. Apply any available vendor patches or updates promptly. Additionally, monitor and restrict access to the file upload functionality to trusted users if possible. [2]