CVE-2023-7058

EPSS 0.22%
Veröffentlicht 22.12.2023 05:15:13
Zuletzt bearbeitet 21.11.2024 08:45:09
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248749 was assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oretnom23 ≫ Simple Student Attendance System Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.448

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-24 Path Traversal: '../filedir'

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.

https://github.com/laoquanshi/Simple-Student-Attendance-System

Third Party Advisory

https://vuldb.com/?ctiid.248749

Third Party Advisory

Permissions Required

https://vuldb.com/?id.248749

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-7058

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-7058

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-7058

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-7058