CVE-2019-18417

EUVD-2019-8186
Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
sourcecodesterrestaurant_management_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload
https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload