CVE-2023-1956

Name of the Vulnerable Software and Affected Versions SourceCodester Online Computer and Laptop Store version 1.0

Description A critical vulnerability was found in the Image Handler component of the affected software, specifically in the /classes/Master.php file, where the path argument is manipulated, leading to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For SourceCodester Online Computer and Laptop Store version 1.0, consider disabling the delete img functionality in the /classes/Master.php file until a patch is available. Restrict access to the vulnerable Image Handler component to minimize the risk of exploitation. Avoid using the path argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.