CVE-2023-1956

A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343.
Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:online_computer_and_laptop_store:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:40

Type Values Removed Values Added
CVSS v2 : 5.5
v3 : 8.8
v2 : 5.5
v3 : 5.4
References () https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/Any%20file%20deletion%20exists%20in%20the%20system%20management%20department.pdf - Exploit, Third Party Advisory () https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/Any%20file%20deletion%20exists%20in%20the%20system%20management%20department.pdf - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.225343 - Permissions Required, Third Party Advisory () https://vuldb.com/?ctiid.225343 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.225343 - Third Party Advisory () https://vuldb.com/?id.225343 - Third Party Advisory

13 Feb 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-08 10:15

Updated : 2024-11-21 07:40


NVD link : CVE-2023-1956

Mitre link : CVE-2023-1956

CVE.ORG link : CVE-2023-1956


JSON object : View

Products Affected

oretnom23

  • online_computer_and_laptop_store
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')