CVE-2023-0257

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 41.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Online Food Ordering System Oretnom23 Online Food Ordering System

Timeline

PublishedJan 12

Latest updateJan 13

Description

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image with the input leads to unrestricted upload. The attack can be launched remotely. The identifier VDB-218185 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sourcecodester/online_food_ordering_system2.0

▶NVDoretnom23/online_food_ordering_system2.0

🔴Vulnerability Details

GHSA

GHSA-f92f-f3rw-xx2m: A vulnerability was found in SourceCodester Online Food Ordering System 2↗2023-01-13

▶

CVEList

SourceCodester Online Food Ordering System Menu Form unrestricted upload↗2023-01-12

▶