SourceCodester File Manager App add-file.php unrestricted upload
CVE-2023-5790

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
File Manager App
Vendor
CVE Published:
26 October 2023

What is CVE-2023-5790?

A vulnerability has been identified in the SourceCodester File Manager App, specifically within the file endpoint functionality. It allows an attacker to exploit the argument 'uploadedFileName' to execute unrestricted file uploads remotely. This vulnerability poses significant risks, as it could enable unauthorized access to sensitive files and potentially lead to remote code execution. The exploit has been disclosed publicly, underlining the importance of immediate attention and remediation by users of the affected application.

Affected Version(s)

File Manager App 1.0

References

https://vuldb.com/?id.243595
vdb-entrytechnical-description
https://vuldb.com/?ctiid.243595
signaturepermissions-required
https://github.com/Yp1oneer/cve_hub/blob/main/File%20Mana...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yp1oneer (VulDB User)
.
CVE-2023-5790 : SourceCodester File Manager App add-file.php unrestricted upload