Unrated severity · NVD Advisory · Published Apr 7, 2024 · Updated Aug 26, 2024
SourceCodester Prison Management System Avatar edit-photo.php unrestricted upload
CVE-2024-3436
Description
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259630 is the identifier assigned to this vulnerability.
Affected products
- Range: = 1.0
- Range: 1.0
References
- github.com/fubxx/CVE/blob/main/PrisonManagementSystemRCE.md (mitre; exploit)
- vuldb.com (mitre; third-party-advisory)
- vuldb.com (mitre; signature, permissions-required)
- vuldb.com (mitre; vdb-entry, technical-description)