CVE-2023-4749
SourceCodester Inventory Management System index.php file inclusion
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability.
Se ha encontrado una vulnerabilidad, clasificada como crítica, en SourceCodester Inventory Management System v1.0. Es afectada una función desconocida del archivo "index.php". La manipulación de la página de argumentos conduce a la inclusión de archivos. Es posible lanzar el ataque de forma remota. El exploit ha sido revelado al público y puede ser utilizado. VDB-238638 es el identificador asignado a esta vulnerabilidad.
Es wurde eine Schwachstelle in SourceCodester Inventory Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei index.php. Durch Manipulation des Arguments page mit unbekannten Daten kann eine file inclusion-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-09-03 CVE Reserved
- 2023-09-04 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-09-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-73: External Control of File Name or Path
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://vuldb.com/?id.238638 | Technical Description |
| URL | Date | SRC |
|---|---|---|
| https://skypoc.wordpress.com/2023/09/03/%e3%80%90code-audit%e3%80%91open-source-ample-inventory-management-system-v1-0-by-mayuri_k-has-a-file-inclusion-vulnerability | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mayurik Search vendor "Mayurik" | Inventory Management System Search vendor "Mayurik" for product "Inventory Management System" | 1.0 Search vendor "Mayurik" for product "Inventory Management System" and version "1.0" | - |
Affected
| ||||||