Vulnerability-Lookup

CNVD-2023-54436

Vulnerability from cnvd - Published: 2023-06-30

Title

Yoga Class Registration System文件上传漏洞

Description

Yoga Class Registration System是一个瑜伽课程注册系统。 Yoga Class Registration System v1.0版本存在文件上传漏洞，该漏洞源于应用程序无法正确验证管理员上传的类缩略图，管理员权限的攻击者可利用该漏洞在服务器上执行命令。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html

Reference

https://fluidattacks.com/advisories/blessd/

Impacted products

Name
Yoga Class Registration System Yoga Class Registration System 1.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-1721",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-1721"
    }
  },
  "description": "Yoga Class Registration System\u662f\u4e00\u4e2a\u745c\u4f3d\u8bfe\u7a0b\u6ce8\u518c\u7cfb\u7edf\u3002\n\nYoga Class Registration System v1.0\u7248\u672c\u5b58\u5728\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u65e0\u6cd5\u6b63\u786e\u9a8c\u8bc1\u7ba1\u7406\u5458\u4e0a\u4f20\u7684\u7c7b\u7f29\u7565\u56fe\uff0c\u7ba1\u7406\u5458\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u670d\u52a1\u5668\u4e0a\u6267\u884c\u547d\u4ee4\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-54436",
  "openTime": "2023-06-30",
  "products": {
    "product": "Yoga Class Registration System Yoga Class Registration System 1.0"
  },
  "referenceLink": "https://fluidattacks.com/advisories/blessd/",
  "serverity": "\u9ad8",
  "submitTime": "2023-06-28",
  "title": "Yoga Class Registration System\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}

CVE-2023-1721 (GCVE-0-2023-1721)

Vulnerability from cvelistv5 – Published: 2023-06-23 23:02 – Updated: 2024-11-27 19:55

Title

Yoga Class Registration System 1.0 - RCE

Summary

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type

Assigner

Fluid Attacks

References

URL

Tags

	https://fluidattacks.com/advisories/blessd/
	https://www.sourcecodester.com/php/16097/yoga-cla…

Impacted products

	Vendor	Product	Version
	Yoga Class Registration System	Yoga Class Registration System	Affected: 1.0

Date Public ?

2023-06-23 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:57:24.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://fluidattacks.com/advisories/blessd/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1721",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T19:55:01.358515Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T19:55:10.909Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Linux"
          ],
          "product": "Yoga Class Registration System",
          "repo": "https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html",
          "vendor": "Yoga Class Registration System",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "datePublic": "2023-06-23T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003eYoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.\n\n\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-650",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-650 Upload a Web Shell to a Web Server"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-23T23:02:38.582Z",
        "orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
        "shortName": "Fluid Attacks"
      },
      "references": [
        {
          "url": "https://fluidattacks.com/advisories/blessd/"
        },
        {
          "url": "https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Yoga Class Registration System 1.0 - RCE",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
    "assignerShortName": "Fluid Attacks",
    "cveId": "CVE-2023-1721",
    "datePublished": "2023-06-23T23:02:38.582Z",
    "dateReserved": "2023-03-30T10:25:14.148Z",
    "dateUpdated": "2024-11-27T19:55:10.909Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2023-54436

CVE-2023-1721 (GCVE-0-2023-1721)

Tags

Sightings

Nomenclature