CVE-2023-5277

Опубликовано: 29 сент. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 9.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240905 was assigned to this vulnerability.

Ссылки

https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf
Exploit
https://vuldb.com/?ctiid.240905
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.240905
Third Party Advisory
VDB Entry
https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf
Exploit
https://vuldb.com/?ctiid.240905
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.240905
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00077

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-7xxv-8q2p-34g3

CVSS3: 6.3

github

больше 2 лет назад

EPSS

Процентиль: 23%

0.00077

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434