PT-2022-26775 · Unknown · Canteen Management System

Published

2022-11-14

Updated

2022-11-17

CVE-2022-43146

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Canteen Management System version 1.0

Description The issue is related to an arbitrary file upload vulnerability in the image upload function, allowing attackers to execute arbitrary code via a crafted PHP file.

Recommendations For Canteen Management System version 1.0, consider disabling the image upload function until a patch is available to prevent exploitation. Restrict access to the upload module to minimize the risk of arbitrary code execution. Avoid using the image upload feature in the affected version until the issue is resolved.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-43146

Affected Products

Canteen Management System

PT-2022-26775 · Unknown · Canteen Management System

CVE-2022-43146

Weakness Enumeration

Related Identifiers

Affected Products

References · 6