PT-2019-15400 · Sourcecodester · Sourcecodester Restaurant Management System

Published 2019-10-24 · Updated 2019-10-28 · CVE-2019-18417

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Sourcecodester Restaurant Management System version 1.0

Description

The issue allows an authenticated attacker to upload arbitrary files, potentially resulting in code execution. The upload handler does not validate the type or name of the file it receives, so the client-supplied file name and extension are used as-is. For example, the "add a new food" feature accepts .php files, which the web server will execute when they are requested. Because the upload requires an authenticated account, the CVSS vector carries PR:L; any user who can reach the "add a new food" form is enough.

Recommendations

For Sourcecodester Restaurant Management System version 1.0, consider disabling the file upload feature, in particular the "add a new food" functionality, until a proper fix is available. A proper fix validates the upload on the server: accept only an allow-list of extensions, determine the content type from the file bytes rather than from the client-supplied name or Content-Type, store the file under a server-generated name, and serve the upload directory with script execution disabled. Also review which roles can reach the "add a new food" form, since every such account is a potential attacker here.
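The vulnerable handler itself is not reproduced on this page. As an added example, not Sourcecodester's code, the block below shows the upload pattern that produces this class of bug (trusting the client-supplied file name) beside a hardened replacement of the kind the recommendations describe. The form field name, the upload directory, the size limit and the accepted image types are assumptions for illustration.

```php
<?php
// Added example, not the project's code. Field names, paths, size limit
// and the allow-list are assumptions made for illustration.

// --- Vulnerable pattern: the client-supplied name decides what is written --
function vulnerable_save_upload(array $file, string $dir): string
{
    // $file['name'] is attacker-controlled, so "shell.php" lands in a
    // web-served directory and is executed on the next request for it.
    $dest = rtrim($dir, '/') . '/' . $file['name'];
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// --- Hardened replacement ---------------------------------------------------
// Accepted types, keyed by the MIME type detected from the file bytes,
// mapped to the extension the server will assign.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024; // assumed limit for a food photo

function safe_save_upload(array $file, string $dir): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // Refuse anything that did not arrive through PHP's upload mechanism
    // (e.g. a path smuggled into the array).
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Decide the type from the bytes, never from $file['name'] or the
    // client-supplied $file['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('unsupported file type: ' . $mime);
    }
    // Require an image header that decodes. This rejects files whose only
    // image-like feature is a forged magic number; a genuine image with PHP
    // embedded in a comment still passes, which is why the extension below
    // is server-chosen and the directory must not execute scripts.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Server-generated name and extension: the original name never reaches
    // disk, so neither "shell.php" nor "x.jpg.php" can be chosen by the user.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    $dest = rtrim($dir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);
    return $name; // store this name in the database, not the user's
}

// Usage inside the "add a new food" handler (field name and path assumed):
// $stored = safe_save_upload($_FILES['food_image'], __DIR__ . '/../uploads');
```

Even the hardened handler is only one layer: the upload directory should be configured so the web server never executes scripts from it (for Apache with mod_php, `php_flag engine off` in that directory; for nginx, no `fastcgi_pass` location covering it), and the "add a new food" form should be reachable only by the roles that need it.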

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2019-18417

Affected Products

Sourcecodester Restaurant Management System