CVE-2022-43146 — Unrestricted File Upload in Management System Project Canteen Management System

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.9%

top 24.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canteen Management System Project Canteen Management System

Timeline

PublishedNov 14

Latest updateNov 15

Description

An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶NVDcanteen_management_system_project/canteen_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-c8rr-vr4h-5x87: An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1↗2022-11-15

▶

CVEList

CVE-2022-43146: An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1↗2022-11-14

▶