CVE-2023-3187

A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176.
Configurations

Configuration 1 (hide)

cpe:2.3:a:teachers_record_management_system_project:teachers_record_management_system:1.0:*:*:*:*:*:*:*

History

07 Nov 2023, 04:18

Type Values Removed Values Added
CWE CWE-434

23 Oct 2023, 14:15

Type Values Removed Values Added
References
  • {'url': 'http://packetstormsecurity.com/files/172909/Teachers-Record-Management-System-1.0-Validation-Bypass.html', 'name': 'http://packetstormsecurity.com/files/172909/Teachers-Record-Management-System-1.0-Validation-Bypass.html', 'tags': ['Exploit', 'Third Party Advisory', 'VDB Entry'], 'refsource': 'MISC'}
CWE CWE-434

16 Jun 2023, 03:46

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
References (MISC) http://packetstormsecurity.com/files/172909/Teachers-Record-Management-System-1.0-Validation-Bypass.html - (MISC) http://packetstormsecurity.com/files/172909/Teachers-Record-Management-System-1.0-Validation-Bypass.html - Exploit, Third Party Advisory, VDB Entry
References (MISC) https://github.com/ctflearner/Vulnerability/blob/main/Teacher_Record_Management_System/trms.md - (MISC) https://github.com/ctflearner/Vulnerability/blob/main/Teacher_Record_Management_System/trms.md - Exploit, Third Party Advisory
References (MISC) https://vuldb.com/?ctiid.231176 - (MISC) https://vuldb.com/?ctiid.231176 - Third Party Advisory
References (MISC) https://vuldb.com/?id.231176 - (MISC) https://vuldb.com/?id.231176 - Third Party Advisory
First Time Teachers Record Management System Project
Teachers Record Management System Project teachers Record Management System
CPE cpe:2.3:a:teachers_record_management_system_project:teachers_record_management_system:1.0:*:*:*:*:*:*:*

14 Jun 2023, 07:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/172909/Teachers-Record-Management-System-1.0-Validation-Bypass.html -

09 Jun 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-09 21:15

Updated : 2024-05-17 02:27


NVD link : CVE-2023-3187

Mitre link : CVE-2023-3187

CVE.ORG link : CVE-2023-3187


JSON object : View

Products Affected

teachers_record_management_system_project

  • teachers_record_management_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type