CVE-2023-1722

Yoga Class Registration System 1.0 - ATO

CVSS 9.1 CRITICALEPSS 0.4%CWE-352

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

Yoga Class Registration System · Yoga Class Registration System

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fluidattacks.com/advisories/wyckoff/https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html