CVE-2023-1826

SourceCodester Online Computer and Laptop Store index.php unrestricted upload

CVSS 6.3 MEDIUMEPSS 4.4%CWE-434

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected products

SourceCodester · Online Computer and Laptop Store

public PoCs found — 2

cve_referencepacketstormsecurity.com/files/171790/Online-Computer-And-Laptop-Store-1.0-Shell-Upload.htmlunverified exploitdbwww.exploit-db.com/exploits/51358unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/171790/Online-Computer-And-Laptop-Store-1.0-Shell-Upload.html https://vuldb.com/?ctiid.224841 https://vuldb.com/?id.224841