PT-2022-26365 · Sourcecodester · Sourcecodester Event Registration System
Lucifoxer001 · Published 2022-11-30 · Updated 2024-02-01 · CVE-2022-4232
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SourceCodester Event Registration System version 1.0
Description
A critical issue was found, allowing for unrestricted upload through the manipulation of the cmd argument. This can be exploited remotely.
Recommendations
For version 1.0, consider restricting access to the function that handles the cmd argument until a fix is available. As a temporary workaround, avoid using the cmd argument in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Incorrect Privilege Assignment
Unrestricted File Upload
Related Identifiers
Affected Products
Sourcecodester Event Registration System