CVE-2025-6161

📊 6.9 MEDIUM⚡ 0.1%🎯 0 exploits

📅 Published Jun 17, 2025

📋 Status: Analyzed

A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	fabian	simple food ordering system	1.0	Vulnerable	cpe:2.3:a:fabian:simple_food_ordering_system:1.0:::::::*

📱

fabian / simple food ordering system

Application

Vulnerable

Version: 1.0

CPE:

cpe:2.3:a:fabian:simple_food_ordering_system:1.0:*:*:*:*:*:*:*

Metrics

6.9 MEDIUMCVSS v4.0[email protected]

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

6.9 (MEDIUM)v4.0

Source: [email protected]

EPSS Details

0.1% (Minimal)24.6th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

Jun 17, 2025 (4 months ago)

Last Modified

Oct 23, 2025 (9 days ago)

Security Weaknesses3

CWE-284CWE-434

References5

NVDgeneralgeneral+2