CVE-2024-2058: SourceCodester Petrol Pump Management Software product.php unrestricted upload
First published: Fri Mar 01 2024(Updated: )
A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/product.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255373 was assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mayurik Petrol Pump Management | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://vuldb.com/?id.255373
- https://vuldb.com/?ctiid.255373
- https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md
- https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/references
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- vendor/mayurik
- canonical/mayurik petrol pump management
- version/mayurik petrol pump management/1.0