CVE-2022-43265 — Unrestricted File Upload in Management System Project Canteen Management System

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.8%

top 25.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canteen Management System Project Canteen Management System

Timeline

PublishedNov 15

Latest updateNov 16

Description

An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDcanteen_management_system_project/canteen_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-vmrr-4jjv-hjpm: An arbitrary file upload vulnerability in the component /pages/save_user↗2022-11-16

▶

CVEList

CVE-2022-43265: An arbitrary file upload vulnerability in the component /pages/save_user↗2022-11-15

▶