Lucene search

Fluid AttacksCVELIST:CVE-2023-1721

HistoryJun 23, 2023 - 11:02 p.m.

CVE-2023-1721 Yoga Class Registration System 1.0 - RCE

2023-06-2323:02:38

CWE-434

Fluid Attacks

www.cve.org

cve-2023-1721

yoga class registration system

rce

administrator

server

validation

thumbnails

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "Linux"
    ],
    "product": "Yoga Class Registration System",
    "repo": "https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html",
    "vendor": "Yoga Class Registration System",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

fluidattacks.com/advisories/blessd/

www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

Related for CVELIST:CVE-2023-1721