Arbitrary File Upload Vulnerability in Online Pizza Ordering by Oretnom23
CVE-2023-29627

8.8HIGH

Key Information:

Vendor: Online Pizza Ordering Project
Status: Online Pizza Ordering
Vendor: CVE Published:; 14 April 2023

🔔 Create Online Pizza Ordering Project Vulnerability Alert

What is CVE-2023-29627?

The Online Pizza Ordering application version 1.0 is susceptible to an arbitrary file upload vulnerability. This vulnerability allows attackers to upload malicious files to the server, potentially leading to unauthorized code execution. By exploiting this weakness, attackers can gain control over the underlying server, compromising the integrity and confidentiality of sensitive data.

References

https://portswigger.net/web-security/file-upload

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/mai...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2023
Vulnerability Reserved
Apr 7, 2023

CVE-2023-29627 Data

JSON