一、 漏洞 CVE-2025-1599 基础信息
漏洞标题
SourceCodester Best Church Management Software profile_crud.php 目录遍历漏洞
来源:AIGC 神龙大模型
漏洞描述信息
在SourceCodester Best Church Management Software 1.0 中发现了一处漏洞,该漏洞被评为存在风险。此问题影响了文件/admin/app/profile_crud.php中某些未知功能。通过操控参数old_cat_img可导致路径穿越: '../filedir'。攻击者可以在远程进行此操作。此漏洞的利用方法已被公开披露,有可能被利用。供应商已在此披露早期被联系,但没有任何回应。
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:AIGC 神龙大模型
漏洞类别
对路径名的限制不恰当(路径遍历)
来源:AIGC 神龙大模型
漏洞标题
SourceCodester Best Church Management Software profile_crud.php path traversal
来源:美国国家漏洞数据库 NVD
漏洞描述信息
A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/app/profile_crud.php. The manipulation of the argument old_cat_img leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
来源:美国国家漏洞数据库 NVD
漏洞类别
路径遍历:’../filedir’
来源:美国国家漏洞数据库 NVD
二、漏洞 CVE-2025-1599 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2025-1599 的情报信息

  • 标题: CVEproject/xiahao.webray.com.cn/best-church-management-software-Delete-any-file.md at main · xiahao90/CVEproject · GitHub -- 🔗来源链接

    标签: exploit

    CVEproject/xiahao.webray.com.cn/best-church-management-software-Delete-any-file.md at main · xiahao90/CVEproject · GitHub

  • 标题: Free Source Code Projects and Tutorials - sourcecodester.com -- 🔗来源链接

    标签: product

    Free Source Code Projects and Tutorials - sourcecodester.com

  • 标题: CVE-2025-1599 SourceCodester Best Church Management Software profile_crud.php path traversal -- 🔗来源链接

    标签: signature permissions-required

    CVE-2025-1599 SourceCodester Best Church Management Software profile_crud.php path traversal

  • 标题: Submit #498188: mayuri_k Best church management software 1.0 Delete any file -- 🔗来源链接

    标签: third-party-advisory

    Submit #498188: mayuri_k Best church management software 1.0 Delete any file

  • 标题: CVE-2025-1599 SourceCodester Best Church Management Software profile_crud.php path traversal -- 🔗来源链接

    标签: vdb-entry technical-description

    CVE-2025-1599 SourceCodester Best Church Management Software profile_crud.php path traversal
  • https://nvd.nist.gov/vuln/detail/CVE-2025-1599