PT-2022-24367 · Unknown · Event Management System

Gsir · Published 2022-09-15 · Updated 2022-09-16 · CVE-2022-38323

CVSS v3.1

7.2 (High)

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Event Management System version 1.0

Description

The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting an arbitrary file upload vulnerability in the /Royal Event/update image.php component.

Recommendations

For Event Management System version 1.0, as a temporary workaround, consider disabling the /Royal Event/update image.php component until a patch is available. Restrict access to this component to minimize the risk of exploitation. Avoid using this component to upload files until the issue is resolved.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-38323

Affected Products

Event Management System