CVE-2019-18417

Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.

Published: Oct 24, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-18417
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
sourcecodester / restaurant_management_system	1.0	1.0.x

https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload

Vulnerability Database

CVE-2019-18417