CVE-2023-0257
SourceCodester Online Food Ordering System Menu Form unrestricted upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image with the input <?php system($_GET['c']); ?> leads to unrestricted upload. The attack can be launched remotely. The identifier VDB-218185 was assigned to this vulnerability.
Se encontró una vulnerabilidad en SourceCodester Online Food Ordering System 2.0. Ha sido declarada crítica. Una función desconocida del archivo /fos/admin/index.php?page=menu del componente Menu Form es afectada por esta vulnerabilidad. La manipulación del argumento Imagen con la entrada conduce a una subida sin restricciones. El ataque se puede lanzar de forma remota. A esta vulnerabilidad se le asignó el identificador VDB-218185.
In SourceCodester Online Food Ordering System 2.0 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht näher bekannte Funktion der Datei /fos/admin/index.php?page=menu der Komponente Menu Form. Dank der Manipulation des Arguments Image mit der Eingabe <?php system($_GET['c']); ?> mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-01-12 CVE Reserved
- 2023-01-12 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Online Food Ordering System Project Search vendor "Online Food Ordering System Project" | Online Food Ordering System Search vendor "Online Food Ordering System Project" for product "Online Food Ordering System" | 2.0 Search vendor "Online Food Ordering System Project" for product "Online Food Ordering System" and version "2.0" | - |
Affected
|