SourceCodester Simple and Nice Shopping Cart Script uploaderm.php unrestricted upload
CVE-2023-1497

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Simple and Nice Shopping Cart Script
Vendor
CVE Published:
19 March 2023

What is CVE-2023-1497?

A vulnerability has been identified in the SourceCodester Simple and Nice Shopping Cart Script version 1.0, specifically within the file 'uploaderm.php'. This issue allows for unrestricted file uploads due to inadequate argument handling in the 'submit' parameter. An attacker can exploit this vulnerability remotely to upload malicious files, potentially compromising the integrity and security of the entire web application. The exploit is publicly known, making it crucial for users and administrators to implement mitigations promptly.

Affected Version(s)

Simple and Nice Shopping Cart Script 1.0

References

https://vuldb.com/?id.223397
vdb-entrytechnical-description
https://vuldb.com/?ctiid.223397
signaturepermissions-required
https://github.com/Decemberus/BugHub/blob/main/simple%20a...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Enjoy (VulDB User)
.