CVE-2023-1721

CRITICAL

Yoga Class Registration System <1.0 - Command Injection

Title source: llm

Description

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://fluidattacks.com/advisories/blessd/

Product

https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html

Scores

CVSS v3 9.1

EPSS 0.0010

EPSS Percentile 27.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

yoga_class_registration_system_project/yoga_class_registration_system 1.0

Published Jun 24, 2023

Tracked Since Feb 18, 2026