CVE-2024-3948

Published: Apr 18, 2024Modified: Feb 10, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in SourceCodester Home Clean Service System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file \admin\student.add.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261440.

Affected (1)

Products: Library System Project: Library System

Library System Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Library System Project Library System	Version 1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (8)

https://github.com/xuanluansec/vul/issues/5

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?ctiid.261440

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.261440

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.318722

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/xuanluansec/vul/issues/5

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?ctiid.261440

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVDB Entry

https://vuldb.com/?id.261440

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.318722

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.