A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264463.
References
| Link | Resource |
|---|---|
| https://github.com/Hefei-Coffee/cve/blob/main/upload2.md | Exploit |
| https://vuldb.com/?ctiid.264463 | Permissions Required VDB Entry |
| https://vuldb.com/?id.264463 | VDB Entry |
| https://vuldb.com/?submit.333891 | Third Party Advisory VDB Entry |
| https://github.com/Hefei-Coffee/cve/blob/main/upload2.md | Exploit |
| https://vuldb.com/?ctiid.264463 | Permissions Required VDB Entry |
| https://vuldb.com/?id.264463 | VDB Entry |
| https://vuldb.com/?submit.333891 | Third Party Advisory VDB Entry |
Configurations
History
09 Dec 2024, 22:41
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Oretnom23 simple Online Bidding System
Oretnom23 |
|
| References | () https://github.com/Hefei-Coffee/cve/blob/main/upload2.md - Exploit | |
| References | () https://vuldb.com/?ctiid.264463 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.264463 - VDB Entry | |
| References | () https://vuldb.com/?submit.333891 - Third Party Advisory, VDB Entry | |
| CPE | cpe:2.3:a:oretnom23:simple_online_bidding_system:1.0:*:*:*:*:*:*:* |
Information
Published : 2024-05-16 03:15
Updated : 2024-12-09 22:41
NVD link : CVE-2024-4927
Mitre link : CVE-2024-4927
CVE.ORG link : CVE-2024-4927
JSON object : View
Products Affected
oretnom23
- simple_online_bidding_system
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type