CVE-2021-25780

An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
baby_care_system_projectbaby_care_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/TCSWT/Baby-Care-System/blob/main/README.md
https://github.com/TCSWT/Baby-Care-System/blob/main/README.md