PT-2019-15400 · Sourcecodester · Sourcecodester Restaurant Management System

Published: 2019-10-24 · Updated: 2019-10-28 · CVE-2019-18417

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Sourcecodester Restaurant Management System version 1.0

Description

The issue allows an authenticated attacker to upload arbitrary files, potentially resulting in code execution. This occurs due to inadequate sanitization of user-supplied input. For example, the "add a new food" feature allows the upload of .php files.

Recommendations

For Sourcecodester Restaurant Management System version 1.0, consider disabling the file upload feature, particularly for the "add a new food" functionality, until a proper fix is implemented to sanitize user input and prevent arbitrary file uploads.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related identifiers

CVE-2019-18417

Affected products

Sourcecodester Restaurant Management System