CVE-2019-18417

Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
sourcecodesterrestaurant_management_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload
https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload