CVE-2023-0918 — Unrestricted File Upload in Pharmacy Management System

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

9.8CRITICALNVD

CNA6.3

EPSS

0.5%

top 34.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codeprojects Pharmacy Management System Pharmacy Management System Project Pharmacy Management System

Timeline

PublishedFeb 19

Description

A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file add.php of the component Avatar Image Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221494 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5codeprojects/pharmacy_management_system1.0

▶NVDpharmacy_management_system_project/pharmacy_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-hw3p-w6g3-vfr2: A vulnerability has been found in codeprojects Pharmacy Management System 1↗2023-02-19

▶

CVEList

codeprojects Pharmacy Management System Avatar Image add.php unrestricted upload↗2023-02-19

▶