CVE-2023-2246

CVSS V2 None CVSS V3 None

Description

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236.

Overview

CVE ID
CVE-2023-2246

Assigner
cna@vuldb.com

Vulnerability Status
Awaiting Analysis

Published Version
2023-04-23T16:15:07

Last Modified Date
2023-04-24T13:01:50

Weakness Enumerations

CWE	URL
CWE-434	http://cwe.mitre.org/data/definitions/434.html

References

Reference URL	Reference Tags
https://docs.google.com/document/d/1Bzt1UOXHJYyNFvTUsMO4zfbiDd_cKxuEygjAww2GcZQ/edit
https://vuldb.com/?ctiid.227236
https://vuldb.com/?id.227236

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-2246
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2246

History

Created	Old Value	New Value	Data Type	Notes
2023-04-23 17:00:49				Added to TrackCVE
2023-04-23 17:00:50			Weakness Enumeration	new
2023-04-24 14:07:10		2023-04-24T13:01:50	CVE Modified Date	updated
2023-04-24 14:07:10	Received	Awaiting Analysis	Vulnerability Status	updated
2023-04-24 14:07:17			CVSS V3 information	new
2023-04-24 14:07:17			CVSS V2 information	new