PT-2021-16459 · Sourcecodester · Sourcecodester Ordering System

Bigtiger2020 · Published 2021-07-22 · Updated 2021-09-13 · CVE-2021-25211

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SourceCodester Ordering System version 1.0
Description: The product edit page "ordering/admin/products/edit.php" accepts uploaded files without restricting their type, so an attacker can upload a server-side script (for example a PHP file) and then request it to execute arbitrary code on the web server. This is an arbitrary (unrestricted) file upload vulnerability.
Recommendations: For SourceCodester Ordering System version 1.0, disable the file upload feature in the "ordering/admin/products/edit.php" page until a patch is available, and restrict access to "edit.php" (for example, to authenticated administrators only) to minimize the risk of exploitation. Also review the directory that receives product uploads for previously uploaded scripts, since a web shell may already be present, and make sure the web server does not execute scripts from that directory.
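The following is an added example of how a product-image upload handler can be hardened against this class of bug. It is not SourceCodester's code and does not reproduce the real edit.php; the form field name "product_image", the upload directory, the size limit and the allowed image types are all assumptions chosen for illustration.

```php
<?php
// Added example, not SourceCodester's code. Hardened image upload for a
// product edit page. UPLOAD_DIR, MAX_BYTES, ALLOWED and the field name
// "product_image" are assumptions for this example.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/../../uploads/products'; // assumed location
const MAX_BYTES  = 2 * 1024 * 1024;                      // assumed 2 MiB cap
// Content type decided by the server -> the single extension we will assign.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/**
 * Validate one entry of $_FILES and store it under a server-chosen name.
 * Returns the stored file name; throws on any rejection.
 */
function store_product_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, error ' . $file['error']);
    }
    // Refuse anything that did not arrive through the HTTP upload mechanism.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Derive the type from file content. $file['name'] and $file['type'] are
    // attacker-controlled and must not be trusted for this decision.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException("disallowed content type: $mime");
    }
    // Must also parse as an image. This rejects a bare PHP script with a
    // faked header, though not a valid image with code appended, which is
    // why the extension below is fixed by the server and the upload
    // directory must be served without script execution.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }

    // Random name, one known extension, no path component from the client.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0755, true)) {
        throw new RuntimeException('upload directory unavailable');
    }
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644); // never executable
    return $name;
}

// Usage inside the edit page (assumed field name):
if (isset($_FILES['product_image'])) {
    try {
        $stored = store_product_image($_FILES['product_image']);
        // ... save $stored in the product record ...
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

The handler alone is not sufficient: the directory under UPLOAD_DIR should also be configured so the web server never executes scripts from it (for Apache, a `.htaccess` with `php_flag engine off` or a `<FilesMatch>` rule denying `.php` and similar extensions; for nginx, no `fastcgi_pass` location covering that path). Defense in depth matters here because a valid image with PHP code appended passes both the MIME and getimagesize checks.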

Weakness Enumeration

Unrestricted File Upload
Related Identifiers

CVE-2021-25211

Affected Products

Sourcecodester Ordering System