An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCanteen Management System Project Canteen Management System
APPCanteen Management System Project1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
Related vulnerabilities
CVE-2023-23279CRITICAL9.8ten sam produkt
Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php.
CVE-2022-43146HIGH7.2ten sam produkt
An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows a...
CVE-2022-43277HIGH7.2ten sam produkt
Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthap...
CVE-2022-43278HIGH7.2ten sam produkt
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId pa...
CVE-2022-43290HIGH7.2ten sam produkt
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...