SourceCodester Engineers Online Portal upload_save_student.php unrestricted upload
CVE-2023-5284

8.8HIGH

Key Information:

Vendor
SourceCodester
Status
Engineers Online Portal
Vendor
CVE Published:
29 September 2023

Summary

A vulnerability has been identified in the Engineers Online Portal, specifically affecting the file upload_save_student.php functionality. This vulnerability allows attackers to upload files without proper restrictions, enabling the potential for malicious file execution. The flaw can be exploited remotely, posing significant risks to the integrity of the application and its data. The details of the exploit have been made public, increasing the urgency for mitigation and protection against such unauthorized actions.

Affected Version(s)

Engineers Online Portal 1.0

References

https://vuldb.com/?id.240912
vdb-entrytechnical-description
https://vuldb.com/?ctiid.240912
signaturepermissions-required
https://github.com/llixixi/Engineers-Online-Portal-System...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

llixixioo (VulDB User)
.