SourceCodester My Food Recipe Image Upload index.php unrestricted upload
CVE-2023-5034

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
My Food Recipe
Vendor
CVE Published:
18 September 2023

What is CVE-2023-5034?

A vulnerability exists in the SourceCodester My Food Recipe version 1.0, specifically within the image upload handler located in the index.php file. This flaw allows for unrestricted file uploads, meaning malicious users can upload unauthorized files without proper validation. The vulnerability is remotely exploitable and has been made public, increasing the potential for misuse. Users and administrators are advised to enhance security measures and monitor their systems for any signs of exploit attempts.

Affected Version(s)

My Food Recipe 1.0

References

https://vuldb.com/?id.239878
vdb-entrytechnical-description
https://vuldb.com/?ctiid.239878
signaturepermissions-required
https://uploaddeimagens.com.br/imagens/bLNdiUE
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dokaterroista (VulDB User)
.