CVE-2025-45997

8.6 HIGH

📋 TL;DR

This vulnerability allows attackers to upload malicious PHP files disguised as images to the Web-based Pharmacy Product Management System v1.0. By modifying the Content-Type header to image/jpg, attackers can bypass file upload restrictions and potentially execute arbitrary code on the server. Organizations using this specific version of the pharmacy management system are affected.

💻 Affected Systems

Products:
  • Sourcecodester Web-based Pharmacy Product Management System
Versions: v1.0
Operating Systems: Any OS running PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation with no special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise leading to data theft, ransomware deployment, or complete system takeover through remote code execution.

🟠 Likely Case

Webshell installation allowing persistent backdoor access, data exfiltration, and lateral movement within the network.

🟢 If Mitigated

File upload attempts blocked at the web application firewall level with no successful exploitation.

🌐 Internet-Facing: HIGH - The vulnerability is exploitable via HTTP requests and affects internet-facing web applications.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but have reduced attack surface compared to internet-facing instances.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only HTTP request manipulation and basic web testing tools. The GitHub POC demonstrates the exact technique.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch exists. Consider replacing with alternative software or implementing workarounds.

🔧 Temporary Workarounds

File Upload Validation Enhancement

all

Implement server-side file validation that checks both file extension and MIME type, and validates actual file content rather than trusting headers.

Web Application Firewall Rules

all

Configure WAF to block file uploads with PHP extensions or suspicious Content-Type manipulation.

🧯 If You Can't Patch

  • Disable file upload functionality entirely in the application
  • Implement strict file upload directory permissions and disable PHP execution in upload directories
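The following upload handler shows how the validation workaround and the "If You Can't Patch" items fit together: the file's real content decides its type, the extension must agree with it, the stored name is random, and the request's Content-Type is never consulted. This is an added example, not code from the Sourcecodester application or its vendor; the form field name `image`, the `uploads/` directory, the set of allowed image types and the 2 MiB size limit are assumptions.

```php
<?php
// Hardened image-upload handler. Added example; not code from the
// Web-based Pharmacy Product Management System. The field name "image",
// the upload directory, the allowed types and the size limit are assumed.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads';   // assumed; must be served without script execution
const MAX_BYTES  = 2 * 1024 * 1024;        // assumed 2 MiB limit

// Allowlist keyed by the MIME type libmagic detects from the file CONTENT,
// mapped to the only extension we will ever write to disk for that type.
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one $_FILES entry and return the extension to store it under,
 * or throw with the reason. Nothing the client sent (original filename,
 * Content-Type) is trusted; only the bytes in the temp file decide.
 */
function validateImageUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . ($file['error'] ?? 'none'));
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // 1. Sniff the real type from the magic bytes, ignoring $file['type']
    //    (which is just the Content-Type the client chose to send).
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($detected === false || !isset(ALLOWED[$detected])) {
        throw new RuntimeException('content type ' . var_export($detected, true) . ' not allowed');
    }

    // 2. The client-supplied extension must agree with the detected type.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    if ($ext !== ALLOWED[$detected]) {
        throw new RuntimeException("extension .{$ext} does not match {$detected}");
    }

    // 3. It must also decode as an image; a plain PHP script with a forged
    //    Content-Type header fails here even if it slipped past a MIME check.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a decodable image');
    }

    return ALLOWED[$detected];
}

/** Store a validated upload under a random name and return its path. */
function storeImageUpload(array $file): string
{
    $ext  = validateImageUpload($file);
    $name = bin2hex(random_bytes(16)) . '.' . $ext;   // never reuse the client's filename
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);
    return $dest;
}

// Endpoint usage:
if (isset($_FILES['image'])) {
    try {
        $path = storeImageUpload($_FILES['image']);
        echo 'stored ' . basename($path);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES);
    }
}
```

The content check stops a bare PHP file with a rewritten Content-Type, which is the case this CVE describes, but a valid image with script appended will still decode, so the second list item above remains essential: the web server must refuse to execute anything under the upload directory (for Apache with mod_php, an `.htaccess` containing `php_flag engine off` plus a `<FilesMatch "\.ph(p[0-9]?|tml)$">` block with `Require all denied`; for nginx, a `location ~* /uploads/.*\.php$ { deny all; }` rule placed before the PHP handler). With that in place, even a polyglot that passes validation is served as static bytes rather than run.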

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a PHP file with Content-Type: image/jpg header to the file upload endpoint. If successful, the system is vulnerable.

Check Version:

Check the application's version.php file or admin panel for version information.

Verify Fix Applied:

Attempt the same upload test after implementing fixes. The upload should be rejected with proper validation errors.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed file upload attempts
  • Successful uploads of files with mismatched extensions and content types
  • Access to uploaded PHP files in unexpected directories

Network Indicators:

  • HTTP POST requests to upload endpoints with manipulated Content-Type headers
  • Traffic to newly created PHP files in upload directories
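A small triage script over web-server access logs ties the indicators above together: upload POSTs from scripting tools, and any successful request for a server-side script under the upload directory, escalated when the same client posted an upload first. This is an added example, not part of the advisory or the application; the Apache/nginx "combined" log format, the `/upload.php` endpoint path and the `/uploads/` directory are assumptions, and the log lines are constructed, not real traffic.

```php
<?php
// Access-log triage for the indicators in this advisory. Added example;
// the log format, endpoint path, upload directory and sample lines are assumed.
declare(strict_types=1);

const UPLOAD_ENDPOINT = '/upload.php';   // assumed upload handler path
const UPLOAD_DIR      = '/uploads/';     // assumed directory uploaded files are served from

// Constructed sample lines in combined log format (not real traffic).
const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [10/May/2025:12:00:01 +0000] "POST /upload.php HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.5 - - [10/May/2025:12:00:03 +0000] "GET /uploads/a3f9.php HTTP/1.1" 200 91 "-" "curl/8.5.0"
198.51.100.7 - - [10/May/2025:12:01:10 +0000] "POST /upload.php HTTP/1.1" 200 620 "https://pharmacy.example/add.php" "Mozilla/5.0"
198.51.100.7 - - [10/May/2025:12:01:12 +0000] "GET /uploads/aspirin.jpg HTTP/1.1" 200 40213 "https://pharmacy.example/add.php" "Mozilla/5.0"
192.0.2.9 - - [10/May/2025:12:02:00 +0000] "GET /uploads/test.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
LOG;

// ip, timestamp, method, request-target, status, user-agent
const LINE_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$/';

/** Parse one combined-format line into fields, or null if it does not match. */
function parseLine(string $line): ?array
{
    if (!preg_match(LINE_RE, $line, $m)) {
        return null;
    }
    return [
        'ip'     => $m[1],
        'time'   => $m[2],
        'method' => $m[3],
        'path'   => explode('?', $m[4], 2)[0],   // drop any query string
        'status' => (int) $m[5],
        'ua'     => $m[6],
    ];
}

/** Return findings as [ip, severity, reason, line] for the indicators above. */
function triageAccessLog(string $log): array
{
    $findings  = [];
    $uploaders = [];   // ip => number of upload POSTs seen so far

    foreach (preg_split('/\R/', trim($log)) as $line) {
        $r = parseLine($line);
        if ($r === null) {
            continue;
        }

        if ($r['method'] === 'POST' && $r['path'] === UPLOAD_ENDPOINT) {
            $uploaders[$r['ip']] = ($uploaders[$r['ip']] ?? 0) + 1;
            // Network indicator: upload traffic from basic scripting tools.
            if (preg_match('/curl|wget|python-requests/i', $r['ua'])) {
                $findings[] = ['ip' => $r['ip'], 'severity' => 'low',
                               'reason' => 'upload POST from scripting tool', 'line' => $line];
            }
        }

        // Key indicator: a server-side script fetched from the upload directory
        // and answered successfully. A 403/404 here means the deny rule held.
        if (str_starts_with($r['path'], UPLOAD_DIR)
            && preg_match('/\.ph(p\d?|tml|ar)$/i', $r['path'])
            && $r['status'] < 400) {
            $sev = isset($uploaders[$r['ip']]) ? 'critical' : 'high';   // same client uploaded first
            $findings[] = ['ip' => $r['ip'], 'severity' => $sev,
                           'reason' => 'script executed from upload directory', 'line' => $line];
        }
    }
    return $findings;
}

foreach (triageAccessLog(SAMPLE_LOG) as $f) {
    printf("[%s] %s: %s\n    %s\n", strtoupper($f['severity']), $f['ip'], $f['reason'], $f['line']);
}
```

Run against the constructed sample, the script reports a LOW finding for the curl upload and a CRITICAL one for the same client's successful fetch of a `.php` file under `/uploads/`; the browser-driven upload of a real JPEG and the 403 on `/uploads/test.php` produce nothing, since the latter is the web-server rule doing its job. The Content-Type mismatch indicator from the log list cannot be seen in access logs at all, because the request header is not recorded there; it has to come from application-level logging in the upload handler itself.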

SIEM Query:

source="web_logs" AND http_method="POST" AND (uri_path="*upload*" OR uri_path="*.php") AND content_type="image/*" AND (user_agent LIKE "%curl%" OR user_agent LIKE "%wget%")

The user-agent clause only narrows the results to common scripting tools; drop it to see every image-typed POST to the upload endpoint, since the same request can be sent from a browser or an intercepting proxy.

🔗 References
