SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services.
The vulnerability classified as CWE-73 (External Control of File Name or Path) occurs in the services management module available at the /dashboard/Services path. An attacker can upload a malicious file (e.g., PHP webshell) without requiring authentication, login, or user interaction. The attack vector is network-based with low complexity, making exploitation trivial.
Successful exploitation allows an attacker to execute arbitrary code remotely on the server (RCE), which may lead to complete system takeover, data theft, modification of website content, or its destruction.
Apply patches available from the vendor according to the references. Until the fix is implemented, it is recommended to disable or restrict access to the /dashboard/Services module and implement server-side validation for uploaded files (whitelist of allowed types and extensions).
SourceCodester Company Website CMS version 1.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTorrahclef Company Website Cms
APPTorrahclef1.0
Related vulnerabilities
Podatność File Upload w SourceCodester Company Website CMS 1.0
A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file ...
A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown c...
SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scripting (XSS) via /dashboard/Services.