CVE-2023-2246

MEDIUM

Online Pizza Ordering System - Unrestricted File Upload

Title source: rule

Description

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236.

Exploits (1)

exploitdb WORKING POC VERIFIED

by URGAN · pythonwebappsphp

https://www.exploit-db.com/exploits/51431

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://docs.google.com/document/d/1Bzt1UOXHJYyNFvTUsMO4zfbiDd_cKxuEygjAww2GcZQ/edit

[Third Party Advisory] https://vuldb.com/?ctiid.227236

[Third Party Advisory] https://vuldb.com/?id.227236

Scores

CVSS v3 6.3

EPSS 0.0176

EPSS Percentile 82.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-434

Status published

Products (1)

online_pizza_ordering_system_project/online_pizza_ordering_system 1.0

Published Apr 23, 2023

Tracked Since Feb 18, 2026