CVE-2019-18417
HIGH
Sourcecodester Restaurant Management System 1.0 - Authenticated Arbitrary File Upload via Food Addition
Title source: llm
Description
Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.sevenlayers.com/index.php/265-restaurant-management-system-1-0-arbitrary-file-upload
Scores
CVSS v3
8.8
EPSS
0.0173
EPSS Percentile
74.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
sourcecodester/restaurant_management_system
1.0
Published
Oct 24, 2019
Tracked Since
Feb 18, 2026