Lucene search
HistorySep 28, 2023 - 9:15 p.m.
CVE-2023-5185
gym management system
insecure file upload
remote code execution
authentication
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.001
Percentile
47.2%
Gym Management System Project v1.0 is vulnerable to
an Insecure File Upload vulnerability on the ‘file’
parameter of profile/i.php page, allowing an
authenticated attacker to obtain Remote Code Execution
on the server hosting the application.
Affected configurations
Node
projectworldsgym_management_system_projectMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| projectworlds | gym_management_system_project | 1.0 | cpe:2.3:a:projectworlds:gym_management_system_project:1.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-5185 Gym Management System Project v1.0 - Insecure File Upload
2023-09-28 20:52:35
cve
cve
CVE-2023-5185
2023-09-28 21:15:10
prion
prion
Unrestricted file upload
2023-09-28 21:15:00
vulnrichment
vulnrichment
CVE-2023-5185 Gym Management System Project v1.0 - Insecure File Upload
2023-09-28 20:52:35
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.001
Percentile
47.2%
Related for NVD:CVE-2023-5185