CVE-2024-48454

EPSS 0.87%
Veröffentlicht 24.10.2024 19:15:15
Zuletzt bearbeitet 23.04.2025 00:49:28
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oretnom23 ≫ Purchase Order Management System Version1.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.87%	0.542

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.sourcecodester.com/

Product

https://github.com/N0zoM1z0/CVEs/blob/main/CVE-2024-48454.md

Broken Link

https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html

Product

https://nvd.nist.gov/vuln/detail/CVE-2024-48454

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-48454

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-48454

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-48454