Lucene search
Fluid AttacksCVE-2023-5185HistorySep 28, 2023 - 9:15 p.m.
CVE-2023-5185
2023-09-2821:15:10
CWE-434
Fluid Attacks
web.nvd.nist.gov
34
gym management
management system
file upload
vulnerability
remote code execution
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.001
Percentile
47.2%
Gym Management System Project v1.0 is vulnerable to
an Insecure File Upload vulnerability on the ‘file’
parameter of profile/i.php page, allowing an
authenticated attacker to obtain Remote Code Execution
on the server hosting the application.
Affected configurations
Node
projectworldsgym_management_system_projectMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| projectworlds | gym_management_system_project | 1.0 | cpe:2.3:a:projectworlds:gym_management_system_project:1.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Gym Management System Project",
"vendor": "Gym Management System Project",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
]Related
cvelist
cvelist
CVE-2023-5185 Gym Management System Project v1.0 - Insecure File Upload
2023-09-28 20:52:35
nvd
nvd
CVE-2023-5185
2023-09-28 21:15:10
prion
prion
Unrestricted file upload
2023-09-28 21:15:00
vulnrichment
vulnrichment
CVE-2023-5185 Gym Management System Project v1.0 - Insecure File Upload
2023-09-28 20:52:35
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.001
Percentile
47.2%
Related for CVE-2023-5185