CVE-2023-0257

CVSS V2 None CVSS V3 None
Description
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image with the input <?php system($_GET['c']); ?> leads to unrestricted upload. The attack can be launched remotely. The identifier VDB-218185 was assigned to this vulnerability.
Overview
  • CVE ID
  • CVE-2023-0257
  • Assigner
  • cna@vuldb.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-12T22:15:09
  • Last Modified Date
  • 2023-01-20T20:36:12
Weakness Enumerations
CWE URL
CWE-434 http://cwe.mitre.org/data/definitions/434.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:2.0:*:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://vuldb.com/?ctiid.218185
https://vuldb.com/?id.218185
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-0257
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0257
History
Created Old Value New Value Data Type Notes
2023-01-12 22:16:40 Added to TrackCVE
2023-01-12 22:16:41 Weakness Enumeration new
2023-01-13 05:15:05 2023-01-13T05:12:35 CVE Modified Date updated
2023-01-13 05:15:05 Received Awaiting Analysis Vulnerability Status updated
2023-01-13 05:15:08 CVSS V3 information new
2023-01-13 05:15:08 CVSS V2 information new
2023-01-18 19:18:55 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-18 19:18:58 CVSS V3 information new
2023-01-18 19:18:58 CVSS V2 information new
2023-01-20 21:13:58 2023-01-20T20:36:12 CVE Modified Date updated
2023-01-20 21:13:58 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-20 21:14:01 CPE Information updated
2023-01-20 21:14:01 CVSS V3 information new
2023-01-20 21:14:01 CVSS V2 information new