CVE-2022-3436

Published: Oct 9, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210367.

Affected (1)

Products: Web Based Student Clearance System Project: Web Based Student Clearance System

Web Based Student Clearance System Project

1 product

Web Based Student Clearance System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Web Based Student Clearance System Project Web Based Student Clearance System	Version 1.0

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

http://packetstormsecurity.com/files/176007/Online-Student-Clearance-System-1.0-Shell-Upload.html

Source: cna@vuldb.com

https://vuldb.com/?id.210367

Source: cna@vuldb.com

Permissions RequiredThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/176007/Online-Student-Clearance-System-1.0-Shell-Upload.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://vuldb.com/?id.210367

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party AdvisoryVDB Entry

Timeline

No history available yet.