Local File Inclusion Vulnerability in Raffle Draw System by xiumulty
CVE-2023-24202

9.8CRITICAL

Key Information:

Vendor: Oretnom23
Status: Raffle Draw System
Vendor: CVE Published:; 6 February 2023

What is CVE-2023-24202?

The Raffle Draw System v1.0 has been identified as having a local file inclusion vulnerability, where an attacker can manipulate the page parameter in the index.php file. This flaw allows unauthorized access to the file system, potentially exposing sensitive files or executing malicious scripts on the server. Proper sanitization of input parameters is essential to mitigate this security risk, making it crucial for users of this system to implement security best practices and update to patched versions when available.

References

https://www.sourcecodester.com/php/15951/raffle-draw-syst...

https://github.com/xiumulty/CVE/blob/main/Raffle%20draw%2...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2023
Vulnerability Reserved
Jan 23, 2023

Oretnom23

What is CVE-2023-24202?

References

CVSS V3.1

Timeline