CVE-2023-1722

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

Y

oga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.

References

Link	Resource
https://fluidattacks.com/advisories/wyckoff/	Exploit Third Party Advisory
https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html	Product
https://fluidattacks.com/advisories/wyckoff/	Exploit Third Party Advisory
https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:yoga_class_registration_system_project:yoga_class_registration_system:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:39

Type	Values Removed	Values Added
References	~~() https://fluidattacks.com/advisories/wyckoff/ - Exploit, Third Party Advisory~~	() https://fluidattacks.com/advisories/wyckoff/ - Exploit, Third Party Advisory
References	~~() https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html - Product~~	() https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html - Product
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 9.1

Information

Published : 2023-06-24 02:15

Updated : 2024-11-21 07:39

NVD link : CVE-2023-1722

Mitre link : CVE-2023-1722

CVE.ORG link : CVE-2023-1722

JSON object : View

Products Affected

yoga_class_registration_system_project

yoga_class_registration_system

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2023-1722", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-06-24T02:15:08.233", "references": [{"url": "https://fluidattacks.com/advisories/wyckoff/", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://fluidattacks.com/advisories/wyckoff/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-352"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.\n\n\n\n\n"}], "lastModified": "2024-11-21T07:39:46.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yoga_class_registration_system_project:yoga_class_registration_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AC6CA18-C062-4016-BFD9-45A66C7AEEA8"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}