CVE-2023-1721

Yoga Class Registration System 1.0 - RCE

CVSS 9.1 CRITICALEPSS 1.0%CWE-434

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Productos afectados

Yoga Class Registration System · Yoga Class Registration System

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://fluidattacks.com/advisories/blessd/https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html