PT-2021-23365 · Unknown · Sourcecodester Online Reviewer System
Published
2021-10-29
·
Updated
2021-12-16
·
CVE-2021-41646
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Sourcecodester Online Reviewer System version 1.0
Description
A Remote Code Execution (RCE) issue exists due to the ability to upload a maliciously crafted PHP file, which can bypass the image upload filters.
Recommendations
For Sourcecodester Online Reviewer System version 1.0, consider disabling the image upload feature until a patch is available to prevent exploitation. Restrict access to the upload module to minimize the risk of RCE attacks. Avoid using the image upload functionality in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Online Reviewer System