CVE-2022-29651 — Unrestricted File Upload in Online Food Ordering System

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.9%

top 23.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oretnom23 Online Food Ordering System

Timeline

PublishedMay 25

Latest updateMay 26

Description

An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶NVDoretnom23/online_food_ordering_system1.0

🔴Vulnerability Details

GHSA

GHSA-42hr-xhpv-jwj8: An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1↗2022-05-26

▶

CVEList

CVE-2022-29651: An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1↗2022-05-25

▶