PT-2022-12554 · Sourcecodester · Sourcecodester Vehicle Service Management System

P.L. Sanu

Published

2022-01-06

Updated

2022-01-12

CVE-2021-46076

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sourcecodester Vehicle Service Management System version 1.0

Description The issue allows an attacker to upload a malicious php file in multiple endpoints, leading to Code Execution.

Recommendations For Sourcecodester Vehicle Service Management System version 1.0, consider disabling file upload functionality until a patch is available. Restrict access to endpoints that allow file uploads to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2021-46076

Affected Products

Sourcecodester Vehicle Service Management System

PT-2022-12554 · Sourcecodester · Sourcecodester Vehicle Service Management System

CVE-2021-46076

Weakness Enumeration

Related Identifiers

Affected Products

References · 5