CVE-2023-7058
SourceCodester Simple Student Attendance System path traversal
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248749 was assigned to this vulnerability.
Se encontró una vulnerabilidad en SourceCodester Simple Student Attendance System 1.0. Ha sido declarada crítica. Una funcionalidad desconocida es afectada por esta vulnerabilidad. La manipulación de la página de argumentos conduce a path traversal: '../filedir'. El ataque se puede lanzar de forma remota. La explotación ha sido divulgada al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-248749.
In SourceCodester Simple Student Attendance System 1.0 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode. Mittels Manipulieren des Arguments page mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-12-21 CVE Reserved
- 2023-12-22 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-11-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-24: Path Traversal: '../filedir'
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.248749 | Technical Description |
URL | Date | SRC |
---|---|---|
https://github.com/laoquanshi/Simple-Student-Attendance-System | 2024-08-02 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oretnom23 Search vendor "Oretnom23" | Simple Student Attendance System Search vendor "Oretnom23" for product "Simple Student Attendance System" | 1.0 Search vendor "Oretnom23" for product "Simple Student Attendance System" and version "1.0" | - |
Affected
|