SourceCodester Online Computer and Laptop Store 1.0 index.php img unrestricted upload
A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. It affects an unknown part of the file php-ocls\admin\system_info\index.php. Manipulation of the argument img leads to unrestricted upload. The CWE definition for the vulnerability is CWE-434. The weakness was released on 04/04/2023 as 171790. The advisory is shared at packetstormsecurity.com. This vulnerability is uniquely identified as CVE-2023-1826. The attack can be initiated remotely. Technical details are available.

Furthermore, there is an exploit available, and it is declared as proof-of-concept. The price for an exploit might be around USD $0-$5k at the moment. The MITRE ATT&CK project uses the attack technique T1608.002 for this issue. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation was published before, and not just after, the disclosure of the vulnerability.