CVE-2022-3436

🗓️ 09 Oct 2022 00:00:00Reported by VulDBType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 56 Views🌐 WEB

Vulnerability in SourceCodester Web-Based Student Clearance System 1.0 allows unrestricted remote file upload (CVE-2022-3436)

Reporter	Title	Published	Views	Family All 13
0day.today	Web Based Student Clearance 1.0 Shell Upload Vulnerability	13 Oct 202200:00	–	zdt
0day.today	Online Student Clearance System 1.0 Shell Upload Exploit	30 Nov 202300:00	–	zdt
ATTACKERKB	CVE-2022-3436	9 Oct 202209:15	–	attackerkb
CNNVD	Web-Based Student Clearance System 代码问题漏洞	9 Oct 202200:00	–	cnnvd
CNVD	Web-Based Student Clearance System File Upload Vulnerability	12 Oct 202200:00	–	cnvd
Cvelist	CVE-2022-3436 SourceCodester Web-Based Student Clearance System Photo edit-photo.php unrestricted upload	9 Oct 202200:00	–	cvelist
EUVD	EUVD-2022-42812	3 Oct 202520:07	–	euvd
NVD	CVE-2022-3436	9 Oct 202209:15	–	nvd
Packet Storm	Web Based Student Clearance 1.0 Shell Upload	10 Oct 202200:00	–	packetstorm
Packet Storm	Online Student Clearance System 1.0 Shell Upload	30 Nov 202300:00	–	packetstorm

NVD

Vulners

Node

web-based_student_clearance_system_project web-based_student_clearance_systemMatch1.0

[
  {
    "vendor": "SourceCodester",
    "product": "Web-Based Student Clearance System",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
packetstormsecurity	www.packetstormsecurity.com/files/176007/Online-Student-Clearance-System-1.0-Shell-Upload.html

Parameter	Position	Path	Description	CWE
userImage	request body	student_clearance_system_Aurthur_Javis/student_clearance_system_Aurthur_Javis/edit-photo.php	Unrestricted file upload leading to remote code execution via uploaded PHP shell	CWE-266, CWE-434