An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component.
References
Link | Resource |
---|---|
https://abstracted-howler-727.notion.site/CVE-2023-44824-ab76909b4a0e477b87aa8d0ca4aa4ca7 | Third Party Advisory |
https://abstracted-howler-727.notion.site/Vulnerability-Description-ccc2e6489a0d43859c61a7982e649da1 | Exploit Third Party Advisory |
https://gist.github.com/Muscial/e46c4e4031d25a3684cda124dfc45d96 | Third Party Advisory |
Configurations
History
17 Apr 2024, 16:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oretnom23:expense_management_system:1.0:*:*:*:*:*:*:* | |
First Time |
Oretnom23
Oretnom23 expense Management System |
09 Jan 2024, 03:09
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://gist.github.com/Muscial/e46c4e4031d25a3684cda124dfc45d96 - Third Party Advisory |
30 Oct 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Oct 2023, 18:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:expense_management_system_project:expense_management_system:1.0:*:*:*:*:*:*:* | |
First Time |
Expense Management System Project expense Management System
Expense Management System Project |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | CWE-434 | |
References | (MISC) https://abstracted-howler-727.notion.site/CVE-2023-44824-ab76909b4a0e477b87aa8d0ca4aa4ca7 - Third Party Advisory | |
References | (MISC) https://abstracted-howler-727.notion.site/Vulnerability-Description-ccc2e6489a0d43859c61a7982e649da1 - Exploit, Third Party Advisory |
17 Oct 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-17 13:15
Updated : 2024-04-17 16:21
NVD link : CVE-2023-44824
Mitre link : CVE-2023-44824
CVE.ORG link : CVE-2023-44824
JSON object : View
Products Affected
oretnom23
- expense_management_system
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type