CVE-2019-18417

Published: Oct 24, 2019Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.

Affected (1)

Products: Sourcecodester: Restaurant Management System

1 product

Restaurant Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sourcecodester Restaurant Management System	Version 1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.