PT-2022-12285 · Unknown · Laundry Booking Management System
Published
2022-01-10
·
Updated
2025-04-22
·
CVE-2021-45003
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Laundry Booking Management System versions 1.0 and earlier
Description
The issue is related to a remote code execution (RCE) vulnerability. It affects the profile.php file through the
image parameter, allowing the execution of a webshell payload.Recommendations
For Laundry Booking Management System versions 1.0 and earlier, consider disabling the
image parameter in the profile.php file as a temporary workaround until a patch is available. Restrict access to the profile.php file to minimize the risk of exploitation.Exploit
Fix
RCE
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Laundry Booking Management System