CVE-2023-1942

CWE-434Unrestricted File UploadCWE-79Cross-site Scripting (XSS)6 documents5 sources
Severity
9.8CRITICAL
EPSS
0.1%
top 73.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Online Computer AND Laptop StoreOretnom23 Online Computer AND Laptop Store
Timeline
PublishedApr 7

Description

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

🔴Vulnerability Details

3
GHSA
GHSA-8p96-wcgc-fx6f: A vulnerability has been found in SourceCodester Online Computer and Laptop Store 12023-04-07
CVEList
SourceCodester Online Computer and Laptop Store Avatar unrestricted upload2023-04-07
GHSA
jplayer Cross Site Scripting vulnerability2022-05-17

💬Community

1
Bugzilla
CVE-2013-1942 CVE-2013-2023 CVE-2013-2022 owncloud: multiple XSS flaws in included Jplayer.as [fedora-all]2013-08-22
CVE-2023-1942 (CRITICAL CVSS 9.8) | A vulnerability has been found in S | cvebase.io