CVE-2023-4749

Опубликовано: 04 сент. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 9.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability.

Ссылки

https://skypoc.wordpress.com/2023/09/03/%e3%80%90code-audit%e3%80%91open-source-ample-inventory-management-system-v1-0-by-mayuri_k-has-a-file-inclusion-vulnerability/
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.238638
Third Party Advisory
https://vuldb.com/?id.238638
Third Party Advisory
https://skypoc.wordpress.com/2023/09/03/%e3%80%90code-audit%e3%80%91open-source-ample-inventory-management-system-v1-0-by-mayuri_k-has-a-file-inclusion-vulnerability/
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.238638
Third Party Advisory
https://vuldb.com/?id.238638
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mayurik:inventory_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00058

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-73

NVD-CWE-Other

Связанные уязвимости

GHSA-59qg-hpf9-jm3r

CVSS3: 6.3

github

больше 2 лет назад

EPSS

Процентиль: 18%

0.00058

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-73

NVD-CWE-Other