PT-2023-19477 · Unknown · Raffle Draw System

Publicado

2023-02-06

Atualizado

2025-03-26

CVE-2023-24202

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Raffle Draw System version 1.0

Description The issue is related to a local file inclusion vulnerability. This vulnerability can be exploited via the page parameter in the "index.php" endpoint.

Recommendations For Raffle Draw System version 1.0, consider restricting access to the page parameter in the "index.php" endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the page parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2023-24202

Produtos afetados

Raffle Draw System

PT-2023-19477 · Unknown · Raffle Draw System

CVE-2023-24202

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7