Lucene search
HistoryJun 24, 2023 - 12:15 a.m.
CVE-2023-1721
cve-2023-1721
administrator commands
server vulnerability
thumbnail validation
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.001
Percentile
45.1%
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
Affected configurations
Node
yoga_class_registration_system_projectyoga_class_registration_systemMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| yoga_class_registration_system_project | yoga_class_registration_system | 1.0 | cpe:2.3:a:yoga_class_registration_system_project:yoga_class_registration_system:1.0:*:*:*:*:*:*:* |
Related
prion
prion
Authentication flaw
2023-06-24 00:15:00
cnvd
cnvd
Yoga Class Registration System File Upload Vulnerability
2023-06-28 00:00:00
cve
cve
CVE-2023-1721
2023-06-24 00:15:09
cvelist
cvelist
CVE-2023-1721 Yoga Class Registration System 1.0 - RCE
2023-06-23 23:02:38
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.001
Percentile
45.1%
Related for NVD:CVE-2023-1721