Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-33440

CWE-94 — Code Injection
5 documents, 5 sources
Severity
7.2 HIGH
EPSS
90.4%
top 0.39%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: May 26
Latest update: May 31

Description

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Vulnerability Details (2)

GHSA
GHSA-966v-xccm-p63c: Sourcecodester Faculty Evaluation System v1 (2023-05-26)
CVEList
CVE-2023-33440: Sourcecodester Faculty Evaluation System v1 (2023-05-26)

Exploits & PoCs (2)

Exploit-DB
Faculty Evaluation System 1.0 - Unauthenticated File Upload (2023-05-31)
Nuclei
Faculty Evaluation System v1.0 - Remote Code Execution
CVE-2023-33440 (HIGH CVSS 7.2) | Sourcecodester Faculty Evaluation S | cvebase.io