Arbitrary File Upload Vulnerability in Musical World by D4rkP0w4r
CVE-2022-27064

8.8HIGH

Key Information:

Vendor

Musical World Project

Status
Musical World
Vendor
CVE Published:
8 April 2022

What is CVE-2022-27064?

Musical World v1 has a security flaw due to an arbitrary file upload vulnerability located in the uploaded_songs.php file. This issue enables attackers to upload malicious PHP files, which can lead to unauthorized code execution on the server. By exploiting this vulnerability, an attacker can potentially gain control over the affected system, posing a significant risk to data integrity and system security.

References

https://github.com/D4rkP0w4r/Musical-World-Unrestricted-F...
x_refsource_MISC
https://drive.google.com/file/d/1j5xDRpkYL7IeHYdUm34YX9iu...
x_refsource_MISC
http://packetstormsecurity.com/files/166653/Musical-World...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.