CVE-2023-5795

A vulnerability was found in CodeAstro POS System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profil of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243601 was assigned to this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:martmbithi:pos_system:1:0:*:*:*:*:*:*

History

21 Nov 2024, 08:42

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 8.8
v2 : 6.5
v3 : 6.3
References () https://drive.google.com/file/d/1bjDpJdG28Q5-RGJB89Dzw6YzZ1VHN23X/view?usp=sharing - Exploit, Third Party Advisory () https://drive.google.com/file/d/1bjDpJdG28Q5-RGJB89Dzw6YzZ1VHN23X/view?usp=sharing - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.243601 - Third Party Advisory () https://vuldb.com/?ctiid.243601 - Third Party Advisory
References () https://vuldb.com/?id.243601 - Third Party Advisory () https://vuldb.com/?id.243601 - Third Party Advisory

06 Nov 2023, 18:56

Type Values Removed Values Added
CWE CWE-434
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:martmbithi:pos_system:1:0:*:*:*:*:*:*
First Time Martmbithi
Martmbithi pos System
References (MISC) https://drive.google.com/file/d/1bjDpJdG28Q5-RGJB89Dzw6YzZ1VHN23X/view?usp=sharing - (MISC) https://drive.google.com/file/d/1bjDpJdG28Q5-RGJB89Dzw6YzZ1VHN23X/view?usp=sharing - Exploit, Third Party Advisory
References (MISC) https://vuldb.com/?ctiid.243601 - (MISC) https://vuldb.com/?ctiid.243601 - Third Party Advisory
References (MISC) https://vuldb.com/?id.243601 - (MISC) https://vuldb.com/?id.243601 - Third Party Advisory

26 Oct 2023, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-26 18:15

Updated : 2024-11-21 08:42


NVD link : CVE-2023-5795

Mitre link : CVE-2023-5795

CVE.ORG link : CVE-2023-5795


JSON object : View

Products Affected

martmbithi

  • pos_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type