Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for Supplier Management System by code-projects

    CVE-2023-3274 (GCVE-0-2023-3274)

    Vulnerability from nvd – Published: 2023-06-15 12:31 – Updated: 2024-08-02 06:48
    VLAI
    Title
    code-projects Supplier Management System Picture btn_functions.php unrestricted upload
    Summary
    A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231624.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.231624 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.231624 signaturepermissions-required
    https://github.com/wuyangzihan/SUPPLIER-MANAGEMEN… exploit
    Impacted products
    Credits
    WuYangZiHan (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.385Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.231624"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.231624"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/wuyangzihan/SUPPLIER-MANAGEMENT-SYSTEM/blob/main/SUPPLIER%20MANAGEMENT%20SYSTEM%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Picture Handler"
              ],
              "product": "Supplier Management System",
              "vendor": "code-projects",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "WuYangZiHan (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231624."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in code-projects Supplier Management System 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei btn_functions.php der Komponente Picture Handler. Durch Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T13:22:13.279Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.231624"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.231624"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/wuyangzihan/SUPPLIER-MANAGEMENT-SYSTEM/blob/main/SUPPLIER%20MANAGEMENT%20SYSTEM%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-06-15T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-06-15T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-06-15T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-07-13T19:37:21.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "code-projects Supplier Management System Picture btn_functions.php unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3274",
        "datePublished": "2023-06-15T12:31:02.902Z",
        "dateReserved": "2023-06-15T12:08:29.479Z",
        "dateUpdated": "2024-08-02T06:48:08.385Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3274 (GCVE-0-2023-3274)

    Vulnerability from cvelistv5 – Published: 2023-06-15 12:31 – Updated: 2024-08-02 06:48
    VLAI
    Title
    code-projects Supplier Management System Picture btn_functions.php unrestricted upload
    Summary
    A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231624.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.231624 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.231624 signaturepermissions-required
    https://github.com/wuyangzihan/SUPPLIER-MANAGEMEN… exploit
    Impacted products
    Credits
    WuYangZiHan (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.385Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.231624"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.231624"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/wuyangzihan/SUPPLIER-MANAGEMENT-SYSTEM/blob/main/SUPPLIER%20MANAGEMENT%20SYSTEM%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Picture Handler"
              ],
              "product": "Supplier Management System",
              "vendor": "code-projects",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "WuYangZiHan (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231624."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in code-projects Supplier Management System 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei btn_functions.php der Komponente Picture Handler. Durch Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T13:22:13.279Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.231624"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.231624"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/wuyangzihan/SUPPLIER-MANAGEMENT-SYSTEM/blob/main/SUPPLIER%20MANAGEMENT%20SYSTEM%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-06-15T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-06-15T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-06-15T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-07-13T19:37:21.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "code-projects Supplier Management System Picture btn_functions.php unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3274",
        "datePublished": "2023-06-15T12:31:02.902Z",
        "dateReserved": "2023-06-15T12:08:29.479Z",
        "dateUpdated": "2024-08-02T06:48:08.385Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }