CVE-2022-43083

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Vehicle Booking System version 1.0

Description The issue allows attackers to execute arbitrary code via a crafted PHP file due to an arbitrary file upload vulnerability in the admin-add-vehicle.php file.

Recommendations For Vehicle Booking System version 1.0, consider removing or restricting access to the admin-add-vehicle.php file until a patch is available. As a temporary workaround, restrict the types of files that can be uploaded through this interface to prevent the execution of malicious code.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-43083

Affected Products

Vehicle Booking System

CVE-2022-43083

Weakness Enumeration

Related Identifiers

Affected Products

References · 4