CVE-2023-1734

EUVD-2023-23956
A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected is an unknown function of the file admin/products/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-224622 is the identifier assigned to this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
7.3 HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
young_entrepreneur_e-negosyo_system_projectyoung_entrepreneur_e-negosyo_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://vuldb.com/?ctiid.224622
https://vuldb.com/?id.224622
https://vuldb.com/?ctiid.224622
https://vuldb.com/?id.224622