Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Drag and Drop Image Upload by SourceCodester
CVE-2024-9975 (GCVE-0-2024-9975)
Vulnerability from nvd – Published: 2024-10-15 11:00 – Updated: 2024-10-15 13:31
VLAI
Title
SourceCodester Drag and Drop Image Upload upload.php unrestricted upload
Summary
A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.280340 | vdb-entry |
| https://vuldb.com/?ctiid.280340 | signaturepermissions-required |
| https://vuldb.com/?submit.423445 | third-party-advisory |
| https://github.com/JunMing27/CVE/blob/main/Source… | exploit |
| https://www.sourcecodester.com/ | product |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Drag and Drop Image Upload |
Affected:
1.0
|
|
| sourcecodester | drag_and_drop_image_upload |
Affected:
1.0
cpe:2.3:a:sourcecodester:drag_and_drop_image_upload:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:drag_and_drop_image_upload:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "drag_and_drop_image_upload",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9975",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T13:16:04.048275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T13:31:33.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Drag and Drop Image Upload",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "scream3gg (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in SourceCodester Drag and Drop Image Upload 1.0 ausgemacht. Davon betroffen ist unbekannter Code der Datei /upload.php. Mittels dem Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T11:00:07.457Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-280340 | SourceCodester Drag and Drop Image Upload upload.php unrestricted upload",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.280340"
},
{
"name": "VDB-280340 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.280340"
},
{
"name": "Submit #423445 | SourceCodester Drag and Drop Image Upload without Refresh/Reload Using PHP and Ajax 1.0 Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.423445"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/JunMing27/CVE/blob/main/SourceCodester%20-%20Arbitrary%20File%20Upload%20vulnerability%20leads%20to%20RCE%20in%20Drag%20and%20Drop%20Image%20Upload%20without%20Refresh%20Reload%20Using%20PHP%20and%20Ajax.md"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-15T07:24:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Drag and Drop Image Upload upload.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9975",
"datePublished": "2024-10-15T11:00:07.457Z",
"dateReserved": "2024-10-15T05:19:09.732Z",
"dateUpdated": "2024-10-15T13:31:33.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9975 (GCVE-0-2024-9975)
Vulnerability from cvelistv5 – Published: 2024-10-15 11:00 – Updated: 2024-10-15 13:31
VLAI
Title
SourceCodester Drag and Drop Image Upload upload.php unrestricted upload
Summary
A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.280340 | vdb-entry |
| https://vuldb.com/?ctiid.280340 | signaturepermissions-required |
| https://vuldb.com/?submit.423445 | third-party-advisory |
| https://github.com/JunMing27/CVE/blob/main/Source… | exploit |
| https://www.sourcecodester.com/ | product |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Drag and Drop Image Upload |
Affected:
1.0
|
|
| sourcecodester | drag_and_drop_image_upload |
Affected:
1.0
cpe:2.3:a:sourcecodester:drag_and_drop_image_upload:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:drag_and_drop_image_upload:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "drag_and_drop_image_upload",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9975",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T13:16:04.048275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T13:31:33.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Drag and Drop Image Upload",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "scream3gg (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in SourceCodester Drag and Drop Image Upload 1.0 ausgemacht. Davon betroffen ist unbekannter Code der Datei /upload.php. Mittels dem Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T11:00:07.457Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-280340 | SourceCodester Drag and Drop Image Upload upload.php unrestricted upload",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.280340"
},
{
"name": "VDB-280340 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.280340"
},
{
"name": "Submit #423445 | SourceCodester Drag and Drop Image Upload without Refresh/Reload Using PHP and Ajax 1.0 Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.423445"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/JunMing27/CVE/blob/main/SourceCodester%20-%20Arbitrary%20File%20Upload%20vulnerability%20leads%20to%20RCE%20in%20Drag%20and%20Drop%20Image%20Upload%20without%20Refresh%20Reload%20Using%20PHP%20and%20Ajax.md"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-15T07:24:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Drag and Drop Image Upload upload.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9975",
"datePublished": "2024-10-15T11:00:07.457Z",
"dateReserved": "2024-10-15T05:19:09.732Z",
"dateUpdated": "2024-10-15T13:31:33.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}