SourceCodester Company Website CMS Create Blog Page createblog unrestricted upload
CVE-2023-5919

4.7MEDIUM

Key Information:

Vendor
Sourcecodester
Status
Company Website Cms
Vendor
CVE Published:
2 November 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability exists in SourceCodester Company Website CMS version 1.0, specifically in the /dashboard/createblog component where unrestricted file uploads can occur. This flaw enables attackers to exploit unknown functionalities, potentially leading to unauthorized access or corruption of data. Given that the exploit can be executed remotely, it poses a significant threat to users. Once disclosed, this vulnerability may be leveraged by malicious actors to compromise the integrity of digital assets hosted on the affected platform.

Affected Version(s)

Company Website CMS 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-5919 - Proof of Concept

References

https://vuldb.com/?id.244310
vdb-entry
https://vuldb.com/?ctiid.244310
signaturepermissions-required
https://www.jianshu.com/p/a451953f36f1?v=1698808954608
exploit

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

pursuithappiness (VulDB User)
.