CVE-2021-41644 — Unrestricted File Upload in Online Food Ordering System

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.8%

top 26.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oretnom23 Online Food Ordering System

Timeline

PublishedOct 29

Latest updateMay 24

Description

Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDoretnom23/online_food_ordering_system2.0

🔴Vulnerability Details

GHSA

GHSA-3gcc-2rv5-mv32: Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2↗2022-05-24

▶

CVEList

CVE-2021-41644: Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2↗2021-10-29

▶