CVE-2019-18417
HIGH
Sourcecodester Restaurant Management System - Unrestricted File Upload
Title source: ruleDescription
Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files, which can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input; for example, the "add a new food" function accepts .php files.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload
Scores
CVSS v3
8.8
EPSS
0.0092
EPSS Percentile
76.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
sourcecodester/restaurant_management_system
1.0
Published
Oct 24, 2019
Tracked Since
Feb 18, 2026