CVE-2023-0257

Published: Jan 12, 2023Modified: Mar 30, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image with the input <?php system($_GET['c']); ?> leads to unrestricted upload. The attack can be launched remotely. The identifier VDB-218185 was assigned to this vulnerability.

Affected (1)

Products: Oretnom23: Online Food Ordering System

1 product

Online Food Ordering System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oretnom23 Online Food Ordering System	Version 2.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://vuldb.com/?ctiid.218185

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?id.218185

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?ctiid.218185

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://vuldb.com/?id.218185

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.