CVE-2023-1497 — Unrestricted File Upload in Simple AND Nice Shopping Cart Script

CWE-434 — Unrestricted File Upload CWE-401 — Missing Release of Memory after Effective Lifetime4 documents4 sources

Severity

9.8CRITICALNVD

CNA6.3

EPSS

0.5%

top 34.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Simple AND Nice Shopping Cart Script Simple AND Nice Shopping Cart Script Project Simple AND Nice Shopping Cart Script

Timeline

PublishedMar 19

Description

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. It has been rated as critical. This issue affects some unknown processing of the file uploaderm.php. The manipulation of the argument submit leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223397 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sourcecodester/simple_and_nice_shopping_cart_script1.0

▶NVDsimple_and_nice_shopping_cart_script_project/simple_and_nice_shopping_cart_script1.0

🔴Vulnerability Details

GHSA

GHSA-8px5-5hr4-658v: A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1↗2023-03-19

▶

CVEList

SourceCodester Simple and Nice Shopping Cart Script uploaderm.php unrestricted upload↗2023-03-19

▶

📋Vendor Advisories

Juniper

CVE-2023-22395: A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent atta↗2023-01-13

▶