Lucene search

K
vulnrichmentVulDBVULNRICHMENT:CVE-2024-2058
HistoryMar 01, 2024 - 10:12 a.m.

CVE-2024-2058 SourceCodester Petrol Pump Management Software product.php unrestricted upload

2024-03-0110:12:20
CWE-434
VulDB
github.com
1
cve-2024-2058
sourcecodester petrol pump management software
unrestricted upload
remote attack
vdb-255373

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:P/I:P/A:P

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

AI Score

4.9

Confidence

High

SSVC

Exploitation

poc

Automatable

no

Technical Impact

partial

A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/product.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255373 was assigned to this vulnerability.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:sourcecodester:petrol_pump_management:1.0:*:*:*:*:*:*:*"
    ],
    "vendor": "sourcecodester",
    "product": "petrol_pump_management",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:P/I:P/A:P

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

AI Score

4.9

Confidence

High

SSVC

Exploitation

poc

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2024-2058