SourceCodester Online Computer and Laptop Store 1.0 index.php img unrestricted upload

EntryHistoryDiffjsonxmlCTI

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. The CWE definition for the vulnerability is CWE-434. The weakness was released 04/04/2023 as 171790. The advisory is shared at packetstormsecurity.com. This vulnerability is uniquely identified as CVE-2023-1826. It is possible to initiate the attack remotely. Technical details are available. Furthermore, there is an exploit available. The price for an exploit might be around USD $0-$5k at the moment. MITRE ATT&CK project uses the attack technique T1608.002 for this issue. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field	04/04/2023 10:41	04/21/2023 20:09	04/21/2023 20:17
vendor	SourceCodester	SourceCodester	SourceCodester
name	Online Computer and Laptop Store	Online Computer and Laptop Store	Online Computer and Laptop Store
version	1.0	1.0	1.0
file	php-ocls\admin\system_info\index.php	php-ocls\admin\system_info\index.php	php-ocls\admin\system_info\index.php
argument	img	img	img
cwe	434 (unrestricted upload)	434 (unrestricted upload)	434 (unrestricted upload)
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
availability	1	1	1
cve	CVE-2023-1826	CVE-2023-1826	CVE-2023-1826
responsible	VulDB	VulDB	VulDB
date	1680559200 (04/04/2023)	1680559200 (04/04/2023)	1680559200 (04/04/2023)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	7.5
cvss3_meta_tempscore	5.7	5.7	7.3
price_0day	$0-$5k	$0-$5k	$0-$5k
url		http://packetstormsecurity.com/files/171790/Online-Computer-And-Laptop-Store-1.0-Shell-Upload.html	http://packetstormsecurity.com/files/171790/Online-Computer-And-Laptop-Store-1.0-Shell-Upload.html
identifier		171790	171790
cve_assigned		1680559200 (04/04/2023)	1680559200 (04/04/2023)
cve_nvd_summary		A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.	A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			6.5
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			6.3

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!