Arbitrary File Upload Vulnerability in Food Ordering System by Oretnom23
CVE-2023-24646

9.8CRITICAL

Key Information:

Vendor: Online Food Ordering System Project
Status: Online Food Ordering System
Vendor: CVE Published:; 13 February 2023

🔔 Create Online Food Ordering System Project Vulnerability Alert

What is CVE-2023-24646?

An arbitrary file upload vulnerability exists in the /fos/admin/ajax.php component of Food Ordering System version 2.0. This security flaw allows attackers to upload malicious PHP files, potentially leading to code execution and full control over the affected server. Organizations using this software should take immediate action to mitigate risks associated with this vulnerability.

References

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/mai...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2023
Vulnerability Reserved
Jan 30, 2023

CVE-2023-24646 Data

JSON