Unrestricted File Upload Vulnerability in SourceCodester Petrol Pump Management Software
CVE-2024-2058

7.2HIGH

Key Information:

Vendor: Sourcecodester
Status: Petrol Pump Management Software
Vendor: CVE Published:; 1 March 2024

🔔 Create Sourcecodester Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2024-2058?

A significant vulnerability exists in the Petrol Pump Management Software, specifically related to an insecure feature within the admin panel. The flaw allows for unrestricted file uploads via the product.php file, which can be exploited by remote attackers to upload malicious files. This weakness has been publicly disclosed and may pose severe risks to system integrity and data security. It is imperative for users of the affected software to implement mitigation strategies immediately to defend against potential exploitation.

Affected Version(s)

Petrol Pump Management Software 1.0

References

https://vuldb.com/?id.255373

vdb-entrytechnical-description

https://vuldb.com/?ctiid.255373

signaturepermissions-required

https://github.com/skid-nochizplz/skid-nochizplz/blob/mai...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 1, 2024
Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Mar 1, 2024

Credit

Joshua Lictan

nochizplz (VulDB User)