CVE-2025-1606

A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Best-employee-management-system-information-leakage.md	Exploit Third Party Advisory
https://vuldb.com/?ctiid.296596	Permissions Required VDB Entry
https://vuldb.com/?id.296596	VDB Entry Third Party Advisory
https://vuldb.com/?submit.498421	VDB Entry Third Party Advisory
https://www.sourcecodester.com/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:mayurik:best_employee_management_system:1.0:*:*:*:*:*:*:*

History

28 Feb 2025, 18:33

Type	Values Removed	Values Added
First Time		Mayurik best Employee Management System Mayurik
CWE		NVD-CWE-noinfo
References	~~() https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Best-employee-management-system-information-leakage.md -~~	() https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Best-employee-management-system-information-leakage.md - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.296596 -~~	() https://vuldb.com/?ctiid.296596 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.296596 -~~	() https://vuldb.com/?id.296596 - VDB Entry, Third Party Advisory
References	~~() https://vuldb.com/?submit.498421 -~~	() https://vuldb.com/?submit.498421 - VDB Entry, Third Party Advisory
References	~~() https://www.sourcecodester.com/ -~~	() https://www.sourcecodester.com/ - Product
CPE		cpe:2.3:a:mayurik:best_employee_management_system:1.0:::::::*
Summary		(es) Se ha encontrado una vulnerabilidad clasificada como problemática en SourceCodester Best Employee Management System 1.0. Esta vulnerabilidad afecta al código desconocido del archivo /admin/backup/backups.php. La manipulación conduce a la divulgación de información. El ataque puede iniciarse de forma remota. El exploit se ha divulgado al público y puede utilizarse. Se contactó al proveedor con anticipación sobre esta divulgación, pero no respondió de ninguna manera.

24 Feb 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-24 00:15

Updated : 2025-02-28 18:33

NVD link : CVE-2025-1606

Mitre link : CVE-2025-1606

CVE.ORG link : CVE-2025-1606

JSON object : View

Products Affected

mayurik

best_employee_management_system

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-284

Improper Access Control

NVD-CWE-noinfo

4.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2025-1606

4.3^/10

4.0^/10

Attach tags to `CVE-2025-1606`