Unrestricted File Upload Vulnerability in SourceCodester Petrol Pump Management Software
CVE-2024-2058

7.2HIGH

Key Information:

Vendor: Sourcecodester
Status: Petrol Pump Management Software
Vendor: CVE Published:; 1 March 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A significant vulnerability exists in the Petrol Pump Management Software, specifically related to an insecure feature within the admin panel. The flaw allows for unrestricted file uploads via the product.php file, which can be exploited by remote attackers to upload malicious files. This weakness has been publicly disclosed and may pose severe risks to system integrity and data security. It is imperative for users of the affected software to implement mitigation strategies immediately to defend against potential exploitation.

Affected Version(s)

Petrol Pump Management Software 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-2058 - Proof of Concept

References

https://vuldb.com/?id.255373

vdb-entrytechnical-description

https://vuldb.com/?ctiid.255373

signaturepermissions-required

https://github.com/skid-nochizplz/skid-nochizplz/blob/mai...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Mar 1, 2024
👾
Exploit known to exist
Mar 1, 2024
Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Mar 1, 2024

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

Joshua Lictan

nochizplz (VulDB User)