SourceCodester Company Website CMS Create Blog Page createblog unrestricted upload
CVE-2023-5919
Key Information:
- Vendor: Sourcecodester
- Status
- Vendor
- CVE Published: 2 November 2023
Summary
A vulnerability exists in SourceCodester Company Website CMS version 1.0, in the /dashboard/createblog component (the Create Blog page), where unrestricted file uploads can occur. The specific functionality affected within this component is not identified; exploitation could lead to unauthorized access to data or its corruption. Because the flaw can be exploited remotely, it poses a significant threat to users. Once disclosed, this vulnerability may be leveraged by malicious actors to compromise the integrity of digital assets hosted on the affected platform.
Affected Version(s)
Company Website CMS 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
References
CVSS V3.1
CVSS V3.0
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved