CVE-2023-0943
Severity: MEDIUM
Best POS Management System 1.0 - Unrestricted File Upload via Image Handler
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2023-0943. PoCs published by Ahmed Ismail.
AI-analyzed exploit summary: This exploit demonstrates a file upload vulnerability in Best POS Management System v1.0, allowing an authenticated attacker to upload a malicious PHP file disguised as an image, leading to remote code execution (RCE). The PoC provides clear steps to exploit the vulnerability by uploading a shell.php file and executing system commands via a GET parameter.
Description
A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with the input ../../shell.php leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591.
Exploits (1)
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L