Lucene search

Fluid AttacksCVELIST:CVE-2023-5185

HistorySep 28, 2023 - 8:52 p.m.

CVE-2023-5185 Gym Management System Project v1.0 - Insecure File Upload

2023-09-2820:52:35

CWE-434

Fluid Attacks

www.cve.org

cve-2023-5185

gym management system

insecure file upload

remote code execution

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

47.2%

JSON

Gym Management System Project v1.0 is vulnerable to

an Insecure File Upload vulnerability on the ‘file’

parameter of profile/i.php page, allowing an

authenticated attacker to obtain Remote Code Execution

on the server hosting the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Gym Management System Project",
    "vendor": "Gym Management System Project",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

fluidattacks.com/advisories/orion

projectworlds.in/

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

47.2%

JSON

Related for CVELIST:CVE-2023-5185