CVE-2023-5790

CWE-434 — Unrestricted File Upload15 documents4 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 76.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester File Manager APP Remyandrade File Manager APP

Timeline

PublishedOct 26

Description

A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sourcecodester/file_manager_app1.0

▶NVDremyandrade/file_manager_app1.0

🔴Vulnerability Details

GHSA

GHSA-j3jp-4g73-9xxh: A vulnerability classified as critical was found in SourceCodester File Manager App 1↗2023-10-26

▶

CVEList

SourceCodester File Manager App add-file.php unrestricted upload↗2023-10-26

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2023-3728 Use after free in WebRTC↗2023-07-11

▶

Microsoft

Chromium: CVE-2023-3730 Use after free in Tab Groups↗2023-07-11

▶

Microsoft

Chromium: CVE-2023-3727 Use after free in WebRTC↗2023-07-11

▶

Microsoft

Chromium: CVE-2023-3740 Insufficient validation of untrusted input in Themes↗2023-07-11

▶

Microsoft

Chromium: CVE-2023-3737 Inappropriate implementation in Notifications↗2023-07-11

▶