CVE-2024-8341

A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/add_user.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:nelzkie15:pet_shop_management_system:1.0:*:*:*:*:*:*:*

History

04 Sep 2024, 16:16

Type Values Removed Values Added
First Time Nelzkie15 pet Shop Management System
Nelzkie15
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 9.8
CPE cpe:2.3:a:nelzkie15:pet_shop_management_system:1.0:*:*:*:*:*:*:*
References () https://github.com/enjoyworld/webray.com.cn/blob/main/cves/Petshop_Management_System/Petshop_Management_System%20add_user.php%20any%20file%20upload.md - () https://github.com/enjoyworld/webray.com.cn/blob/main/cves/Petshop_Management_System/Petshop_Management_System%20add_user.php%20any%20file%20upload.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.276220 - () https://vuldb.com/?ctiid.276220 - Permissions Required
References () https://vuldb.com/?id.276220 - () https://vuldb.com/?id.276220 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?submit.399661 - () https://vuldb.com/?submit.399661 - Third Party Advisory, VDB Entry
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en SourceCodester Petshop Management System 1.0. Esta vulnerabilidad afecta al código desconocido del archivo /controllers/add_user.php. La manipulación del argumento avatar permite la carga sin restricciones. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse.

30 Aug 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-30 15:15

Updated : 2024-09-04 16:16


NVD link : CVE-2024-8341

Mitre link : CVE-2024-8341

CVE.ORG link : CVE-2024-8341


JSON object : View

Products Affected

nelzkie15

  • pet_shop_management_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type