{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3503", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-07-04T13:26:25.621Z", "datePublished": "2023-07-04T14:31:03.508Z", "dateUpdated": "2024-10-31T19:46:51.594Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-23T14:02:30.253Z"}, "title": "SourceCodester Shopping Website insert-product.php unrestricted upload", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "CWE-434 Unrestricted Upload"}]}], "affected": [{"vendor": "SourceCodester", "product": "Shopping Website", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232951."}, {"lang": "de", "value": "In SourceCodester Shopping Website 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei insert-product.php. Durch Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2023-07-04T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-07-04T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-07-04T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-07-23T08:47:22.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "HuangZhengWei (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.232951", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.232951", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/Turbo51/CveHubList/blob/main/Shopping%20Website%20(E-Commerce)%20%20insert-product.php%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.607Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.232951", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.232951", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/Turbo51/CveHubList/blob/main/Shopping%20Website%20(E-Commerce)%20%20insert-product.php%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf", "tags": ["exploit", "x_transferred"]}]}, {"affected": [{"vendor": "sourcecodester", "product": "shopping_website", "cpes": ["cpe:2.3:a:sourcecodester:shopping_website:1.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-31T19:45:16.018650Z", "id": "CVE-2023-3503", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-31T19:46:51.594Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.232951", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.232951", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/Turbo51/CveHubList/blob/main/Shopping%20Website%20(E-Commerce)%20%20insert-product.php%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.607Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3503", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-31T19:45:16.018650Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sourcecodester:shopping_website:1.0:*:*:*:*:*:*:*"], "vendor": "sourcecodester", "product": "shopping_website", "versions": [{"status": "affected", "version": "1.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-31T19:46:41.064Z"}}], "cna": {"title": "SourceCodester Shopping Website insert-product.php unrestricted upload", "credits": [{"lang": "en", "type": "analyst", "value": "HuangZhengWei (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "affected": [{"vendor": "SourceCodester", "product": "Shopping Website", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2023-07-04T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2023-07-04T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2023-07-04T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2023-07-23T08:47:22.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.232951", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.232951", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/Turbo51/CveHubList/blob/main/Shopping%20Website%20(E-Commerce)%20%20insert-product.php%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232951."}, {"lang": "de", "value": "In SourceCodester Shopping Website 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei insert-product.php. Durch Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-23T14:02:30.253Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3503", "state": "PUBLISHED", "dateUpdated": "2024-10-31T19:46:51.594Z", "dateReserved": "2023-07-04T13:26:25.621Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2023-07-04T14:31:03.508Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sanchitkmr:shopping_website:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F153EFA2-57C7-4DD0-8ED0-6DDE9D48AEA0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232951."}], "id": "CVE-2023-3503", "lastModified": "2024-11-21T08:17:24.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-04T15:15:09.177", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/Turbo51/CveHubList/blob/main/Shopping%20Website%20(E-Commerce)%20%20insert-product.php%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.232951"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.232951"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/Turbo51/CveHubList/blob/main/Shopping%20Website%20(E-Commerce)%20%20insert-product.php%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.232951"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.232951"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}