Gym Management System Project v1.0 is vulnerable to

an Insecure File Upload vulnerability on the 'file'

parameter of profile/i.php page, allowing an

authenticated attacker to obtain Remote Code Execution

on the server hosting the application.



Advisories
Source ID Title
EUVD EUVD EUVD-2023-57522 Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 23 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Fluid Attacks

Published:

Updated: 2024-09-23T18:57:19.596Z

Reserved: 2023-09-25T22:29:10.371Z

Link: CVE-2023-5185

cve-icon Vulnrichment

Updated: 2024-08-02T07:52:07.802Z

cve-icon NVD

Status : Modified

Published: 2023-09-28T21:15:10.507

Modified: 2024-11-21T08:41:15.517

Link: CVE-2023-5185

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.