CVE-2023-4191
SourceCodester Resort Reservation System index.php file inclusion
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236234 is the identifier assigned to this vulnerability.
Se ha encontrado una vulnerabilidad, clasificada como crítica, en SourceCodester Resort Reservation System v1.0. Este problema afecta a una funcionalidad desconocida del archivo "index.php". La manipulación de la página de "argument" conduce a la inclusión de archivos. El ataque puede ser lanzado remotamente. El exploit ha sido revelado al público y puede ser utilizado. VDB-236234 es el identificador asignado a esta vulnerabilidad.
Eine kritische Schwachstelle wurde in SourceCodester Resort Reservation System 1.0 entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei index.php. Durch das Beeinflussen des Arguments page mit unbekannten Daten kann eine file inclusion-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-08-06 CVE Reserved
- 2023-08-06 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-09-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-73: External Control of File Name or Path
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://vuldb.com/?id.236234 | Technical Description |
| URL | Date | SRC |
|---|---|---|
| https://github.com/Yesec/Resort-Reservation-System/blob/main/local%20file%20inclusion/vuln.md | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Resort Reservation System Project Search vendor "Resort Reservation System Project" | Resort Reservation System Search vendor "Resort Reservation System Project" for product "Resort Reservation System" | 1.0 Search vendor "Resort Reservation System Project" for product "Resort Reservation System" and version "1.0" | - |
Affected
| ||||||