Description
Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:sourcecodester:restaurant_management_system:1.0:*:*:*:*:*:*:*
EPSS
Percentile: 76%
0.00917
Low
8.8 High
CVSS3
6.5 Medium
CVSS2
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.