PT-2021-21301 · Sourcecodester · Sourcecodester Phone Shop Sales Managements System
Published
2021-08-03
·
Updated
2021-11-06
·
CVE-2021-36623
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Sourcecodester Phone Shop Sales Management System version 1.0
Description
The issue allows for arbitrary file upload, which can enable remote code execution (RCE) in the affected system.
Recommendations
For version 1.0, update to a newer version that addresses the arbitrary file upload issue to prevent RCE.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Phone Shop Sales Managements System