CVE-2023-5284

Опубликовано: 29 сент. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file upload_save_student.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240912.

Ссылки

https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20upload_save_student.php%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf
Exploit
https://vuldb.com/?ctiid.240912
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.240912
Third Party Advisory
VDB Entry
https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20upload_save_student.php%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf
Exploit
https://vuldb.com/?ctiid.240912
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.240912
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00131

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-qj57-gm77-m65m

CVSS3: 6.3

github

больше 2 лет назад

EPSS

Процентиль: 33%

0.00131

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434