PT-2021-23364 · Unknown · Sourcecodester Budget/Expense Tracker System

Published: 2021-10-29 · Updated: 2024-02-03 · CVE-2021-41645

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Sourcecodester Budget and Expense Tracker System version 1.0

Description: A Remote Code Execution (RCE) issue exists, allowing a remote malicious user to inject arbitrary code via the image upload field.

Recommendations: For Sourcecodester Budget and Expense Tracker System version 1.0, consider disabling the image upload feature until a patch is available to prevent exploitation. Restrict access to the image upload field to minimize the risk of arbitrary code injection.

Exploit

Fix

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2021-41645

Affected Products: Sourcecodester Budget/Expense Tracker System