Lucene search

MitreCVE-2021-41644

HistoryOct 29, 2021 - 5:15 p.m.

CVE-2021-41644

2021-10-2917:15:07

CWE-434

mitre

web.nvd.nist.gov

cve-2021-41644

rce vulnerability

sourcecodester

online food ordering system 2.0

php

image upload filters

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.03

Percentile

91.0%

JSON

Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.

Affected configurations

Nvd

Node

online_food_ordering_system_projectonline_food_ordering_systemMatch2.0

VendorProductVersionCPE
online_food_ordering_system_projectonline_food_ordering_system2.0cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
online_food_ordering_system_project	online_food_ordering_system	2.0	cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:2.0:::::::*

References

www.exploit-db.com/exploits/50305

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.03

Percentile

91.0%

JSON

Related for CVE-2021-41644