CVE-2025-2651— SourceCodester Online Eyewear Shop admin exposure of information through directory listing
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-2651
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SourceCodester Online Eyewear Shop admin exposure of information through directory listing
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. Multiple sub-directories are affected.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过目录枚举导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
SourceCodester Online Eyewear Shop 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SourceCodester Online Eyewear Shop是SourceCodester开源的一个使用 PHP 和 MySQL 开发的在线眼镜店网站项目,它提供了一个在线购物和订购平台,面向眼镜业务及其潜在客户。 SourceCodester Online Eyewear Shop 1.0版本存在安全漏洞,该漏洞源于目录列表信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SourceCodester | Online Eyewear Shop | 1.0 | - |
II. Public POCs for CVE-2025-2651
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-2651
请登录查看更多情报信息。
- CVE-2025-2651 SourceCodester Online Eyewear Shop admin exposure of information through directory listingsignaturepermissions-required
- https://nvd.nist.gov/vuln/detail/CVE-2025-2651
Same Patch Batch · SourceCodester · 2025-03-23 · 4 CVEs total
| CVE-2025-2654 | 7.3 HIGH | SourceCodester AC Repair and Services System manage_service.php sql injection |
| CVE-2025-2655 | 7.3 HIGH | SourceCodester AC Repair and Services System Users.php delete_users sql injection |
| CVE-2025-2652 | 5.3 MEDIUM | SourceCodester Employee and Visitor Gate Pass Logging System exposure of information throu |
IV. Related Vulnerabilities
Same product: Online Eyewear Shop
- CVE-2025-4173
SourceCodester Online Eyewear Shop Master.php delete_cart sq - CVE-2025-3817
SourceCodester Online Eyewear Shop Master.php sql injection - CVE-2025-3692
SourceCodester Online Eyewear Shop Master.php cross site scr - CVE-2025-3298
SourceCodester Online Eyewear Shop Registration Master.php a - CVE-2025-3297
SourceCodester Online Eyewear Shop Master.php cross site scr
Same vendor: SourceCodester
- CVE-2026-8136
SourceCodester Pharmacy Sales and Inventory System index.php - CVE-2026-8131
SourceCodester SUP Online Shopping replymsg.php sql injectio - CVE-2026-8130
SourceCodester SUP Online Shopping message.php sql injection - CVE-2026-8129
SourceCodester SUP Online Shopping wishlist.php sql injectio - CVE-2026-8128
SourceCodester SUP Online Shopping viewmsg.php sql injection
Same weakness: CWE-548
- CVE-2023-38265
Improper Access Control and Exposure of Information Through - CVE-2020-36921
RED-V Super Digital Signage System 5.1.1 Log Information Dis - CVE-2022-50788
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Information Disclosure v - CVE-2021-47718
OpenBMCS Directory Listing Information Disclosure - CVE-2024-56464
IBM QRadar SIEM is affected by an information disclosure vul
V. Comments for CVE-2025-2651
No comments yet