CVE-2023-1722: Yoga Class Registration System 1.0 - ATO
First published: Sat Jun 24 2023(Updated: )
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yoga Class Registration System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-1722?
CVE-2023-1722 has been classified as a critical vulnerability due to the potential for remote command execution.
How do I fix CVE-2023-1722?
To mitigate CVE-2023-1722, ensure that proper validation and sanitization checks are in place for uploaded thumbnails.
Who is affected by CVE-2023-1722?
CVE-2023-1722 affects users of Yoga Class Registration System version 1.0.
What exploitation techniques are associated with CVE-2023-1722?
CVE-2023-1722 can be exploited by uploading malicious thumbnails that allow command execution on the server.
Is there a patch available for CVE-2023-1722?
As of now, there is no official patch released for CVE-2023-1722, so users should implement immediate remediation measures.
- agent/references
- agent/type
- agent/author
- agent/weakness
- agent/severity
- agent/title
- agent/first-publish-date
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/yoga class registration system project
- canonical/yoga class registration system
- version/yoga class registration system/1.0