CVE-2025-2652— SourceCodester Employee and Visitor Gate Pass Logging System exposure of information through directory listing
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-2652
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SourceCodester Employee and Visitor Gate Pass Logging System exposure of information through directory listing
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to exposure of information through directory listing. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. Multiple sub-directories are affected.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过目录枚举导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
SourceCodester Employee and Visitor Gate Pass Logging System 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SourceCodester Employee and Visitor Gate Pass Logging System是SourceCodester开源的一个简单的基于 Web 的员工和访客通行证记录系统。 SourceCodester Employee and Visitor Gate Pass Logging System 1.0版本存在安全漏洞,该漏洞源于目录列表信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SourceCodester | Employee and Visitor Gate Pass Logging System | 1.0 | - |
II. Public POCs for CVE-2025-2652
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-2652
请登录查看更多情报信息。
Same Patch Batch · SourceCodester · 2025-03-23 · 4 CVEs total
| CVE-2025-2654 | 7.3 HIGH | SourceCodester AC Repair and Services System manage_service.php sql injection |
| CVE-2025-2655 | 7.3 HIGH | SourceCodester AC Repair and Services System Users.php delete_users sql injection |
| CVE-2025-2651 | 5.3 MEDIUM | SourceCodester Online Eyewear Shop admin exposure of information through directory listing |
IV. Related Vulnerabilities
Same product: Employee and Visitor Gate Pass Logging System
- CVE-2024-9315
SourceCodester Employee and Visitor Gate Pass Logging System - CVE-2024-7069
SourceCodester Employee and Visitor Gate Pass Logging System - CVE-2024-6967
SourceCodester Employee and Visitor Gate Pass Logging System - CVE-2024-6736
SourceCodester Employee and Visitor Gate Pass Logging System - CVE-2024-6650
SourceCodester Employee and Visitor Gate Pass Logging System
Same vendor: SourceCodester
- CVE-2026-8136
SourceCodester Pharmacy Sales and Inventory System index.php - CVE-2026-8131
SourceCodester SUP Online Shopping replymsg.php sql injectio - CVE-2026-8130
SourceCodester SUP Online Shopping message.php sql injection - CVE-2026-8129
SourceCodester SUP Online Shopping wishlist.php sql injectio - CVE-2026-8128
SourceCodester SUP Online Shopping viewmsg.php sql injection
Same weakness: CWE-548
- CVE-2023-38265
Improper Access Control and Exposure of Information Through - CVE-2020-36921
RED-V Super Digital Signage System 5.1.1 Log Information Dis - CVE-2022-50788
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Information Disclosure v - CVE-2021-47718
OpenBMCS Directory Listing Information Disclosure - CVE-2024-56464
IBM QRadar SIEM is affected by an information disclosure vul
V. Comments for CVE-2025-2652
No comments yet