CVE-2019-18417

Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sourcecodester:restaurant_management_system:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:33

Type Values Removed Values Added
References () https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-uploadĀ - Exploit, Third Party Advisory () https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-uploadĀ - Exploit, Third Party Advisory

Information

Published : 2019-10-24 18:15

Updated : 2024-11-21 04:33


NVD link : CVE-2019-18417

Mitre link : CVE-2019-18417

CVE.ORG link : CVE-2019-18417


JSON object : View

Products Affected

sourcecodester

  • restaurant_management_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type