SourceCodester Company Website CMS Create Blog Page createblog unrestricted upload
CVE-2023-5919

7.2HIGH

Key Information:

Vendor
SourceCodester
Status
Company Website CMS
Vendor
CVE Published:
2 November 2023

Summary

A vulnerability exists in SourceCodester Company Website CMS version 1.0, specifically in the /dashboard/createblog component where unrestricted file uploads can occur. This flaw enables attackers to exploit unknown functionalities, potentially leading to unauthorized access or corruption of data. Given that the exploit can be executed remotely, it poses a significant threat to users. Once disclosed, this vulnerability may be leveraged by malicious actors to compromise the integrity of digital assets hosted on the affected platform.

Affected Version(s)

Company Website CMS 1.0

References

https://vuldb.com/?id.244310
vdb-entry
https://vuldb.com/?ctiid.244310
signaturepermissions-required
https://www.jianshu.com/p/a451953f36f1?v=1698808954608
exploit

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

pursuithappiness (VulDB User)
.