CVE-2025-46193

Published May 9, 2025

Last updated 10 months ago

CVSS critical 9.8
SourceCodester

Overview

Description
SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php.
Source
cve@mitre.org
NVD status
Analyzed
Products
client_database_management_system

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-434

Social media

Hype score
Not currently trending

  1. CVE-2025-46193 SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php. https://t.co/Kn2KsnmqG6

    @CVEnew

    27 Dec 2025

    216 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-46188 CVE-2025-46189 CVE-2025-46190 CVE-2025-46191 CVE-2025-46192 CVE-2025-46193

    @lf32dev

    12 May 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. الحمدلله 6 cve's دفعة وحده CVE-2025-46188 CVE-2025-46189 CVE-2025-46190 CVE-2025-46191 CVE-2025-46192 CVE-2025-46193

    @x6vrn

    9 May 2025

    14664 Impressions

    2 Retweets

    108 Likes

    45 Bookmarks

    23 Replies

    2 Quotes

Configurations

Related CVEs

  1. A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadmin_user_update.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.CVE-2026-3764
  2. A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing a manipulation of the argument user_id can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used.CVE-2026-3761
  3. A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The manipulation of the argument manager_id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.CVE-2026-3762
  4. A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper authorization. The attack can be initiated remotely. The exploit has been published and may be used.CVE-2026-3734
  5. A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.CVE-2025-14885

References

Sources include official advisories and independent security research.