CVE-2022-43275 — Unrestricted File Upload in Management System Project Canteen Management System

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.9%

top 23.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canteen Management System Project Canteen Management System

Timeline

PublishedOct 28

Description

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶NVDcanteen_management_system_project/canteen_management_system1.0

🔴Vulnerability Details

CVEList

CVE-2022-43275: Canteen Management System v1↗2022-10-28

▶

GHSA

GHSA-x7cr-m698-6v6p: Canteen Management System v1↗2022-10-28

▶