Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/blessd/ | Exploit Third Party Advisory |
https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html | Product |
Configurations
Configuration 1 (hide)
|
History
30 Jun 2023, 07:35
Type | Values Removed | Values Added |
---|---|---|
First Time |
Yoga Class Registration System Project yoga Class Registration System
Yoga Class Registration System Project |
|
CWE | CWE-434 | |
CPE | cpe:2.3:a:yoga_class_registration_system_project:yoga_class_registration_system:1.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
References | (MISC) https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html - Product | |
References | (MISC) https://fluidattacks.com/advisories/blessd/ - Exploit, Third Party Advisory |
24 Jun 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-24 00:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-1721
Mitre link : CVE-2023-1721
CVE.ORG link : CVE-2023-1721
JSON object : View
Products Affected
yoga_class_registration_system_project
- yoga_class_registration_system
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type