Arbitrary File Upload Vulnerability in Online Food Ordering System by Onetnom23
CVE-2023-30122

9.8CRITICAL

Key Information:

Vendor: Online Food Ordering System Project
Status: Online Food Ordering System
Vendor: CVE Published:; 5 May 2023

🔔 Create Online Food Ordering System Project Vulnerability Alert

What is CVE-2023-30122?

An arbitrary file upload vulnerability exists in the /admin/ajax.php?action=save_menu endpoint of Online Food Ordering System v2.0. This flaw allows an attacker to upload a specially crafted PHP file that can lead to remote code execution. If exploited, this vulnerability can compromise the integrity and security of the system, allowing unauthorized actions to be taken by the attacker.

References

https://github.com/xtxxueyan/bug_report/blob/main/vendors...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2023
Vulnerability Reserved
Apr 7, 2023

CVE-2023-30122 Data

JSON