CVE-2023-1433

Name of the Vulnerable Software and Affected Versions SourceCodester Gadget Works Online Ordering System version 1.0

Description A problematic issue has been found in the Products Handler component, specifically affecting an unknown part of the file admin/products/controller.php?action=add. The manipulation of the filename argument leads to unrestricted upload. This issue can be initiated remotely.

Recommendations For SourceCodester Gadget Works Online Ordering System version 1.0, consider restricting access to the admin/products/controller.php?action=add endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the filename argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.