CVE-2023-3274

MEDIUM

Supplier Management System - Unrestricted File Upload

Title source: rule

Description

A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231624.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.231624

Permissions Required, Third Party Advisory, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.231624

Exploit exploit

https://github.com/wuyangzihan/SUPPLIER-MANAGEMENT-SYSTEM/blob/main/SUPPLIER%20MANAGEMENT%20SYSTEM%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf

View Exploit ZIP pw:eip

Scores

CVSS v3 6.3

EPSS 0.0010

EPSS Percentile 27.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-434

Status published

Products (1)

supplier_management_system_project/supplier_management_system 1.0

Published Jun 15, 2023

Tracked Since Feb 18, 2026