CVE-2019-18417

Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload	Exploit Third Party Advisory
https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sourcecodester:restaurant_management_system:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:33

Type	Values Removed	Values Added
References	~~() https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload - Exploit, Third Party Advisory~~	() https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload - Exploit, Third Party Advisory

Information

Published : 2019-10-24 18:15

Updated : 2024-11-21 04:33

NVD link : CVE-2019-18417

Mitre link : CVE-2019-18417

CVE.ORG link : CVE-2019-18417

JSON object : View

Products Affected

sourcecodester

restaurant_management_system

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2019-18417", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-10-24T18:15:11.810", "references": [{"url": "https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., \"add a new food\" allows .php files."}, {"lang": "es", "value": "Sourcecodester Restaurant Management System versi\u00f3n 1.0, permite a un atacante autenticado cargar archivos arbitrarios que pueden resultar en la ejecuci\u00f3n de c\u00f3digo. El problema se presenta porque la aplicaci\u00f3n no logra sanear adecuadamente las entradas suministradas por el usuario, por ejemplo, \"add a new food\" permite archivos .php."}], "lastModified": "2024-11-21T04:33:13.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sourcecodester:restaurant_management_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E36E0371-8912-45AD-A021-455794B43132"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}