CVE-2023-39115

CRITICAL

Campcodes Online Matrimonial Website System Script <3.3 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-39115. PoCs published by Rajdip Dey Sarkar, 0xrajdip, Raj789-sec.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in Online Matrimonial Website System v3.3, allowing code execution via a malicious SVG file. The SVG payload includes JavaScript that triggers an alert and redirects to an external site.

Description

install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.

Exploits (3)

exploitdb WORKING POC
by Rajdip Dey Sarkar · textwebappsphp
https://www.exploit-db.com/exploits/51656

This exploit demonstrates an arbitrary file upload vulnerability in Online Matrimonial Website System v3.3, allowing code execution via a malicious SVG file. The SVG payload includes JavaScript that triggers an alert and redirects to an external site.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Campcodes Online Matrimonial Website System Script v3.3
Auth required
Prerequisites: Valid user credentials · Access to the profile settings page · Ability to upload files
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by 0xrajdip · poc
https://github.com/0xrajdip/CVE-2023-39115

The repository provides a detailed technical description of CVE-2023-39115, an arbitrary file upload vulnerability in Campcodes Online Matrimonial Website System Script v3.3. It explains the attack vector involving malicious SVG files and the potential impact of arbitrary code execution.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Campcodes Online Matrimonial Website System Script v3.3
No auth needed
Prerequisites: ability to upload files to the application
devstral-2 · analyzed Apr 10, 2026 Full analysis →
nomisec WRITEUP
by Raj789-sec · poc
https://github.com/Raj789-sec/CVE-2023-39115

The repository provides a detailed technical description of CVE-2023-39115, an arbitrary file upload vulnerability in Campcodes Online Matrimonial Website System Script v3.3. It explains the attack vector involving malicious SVG files and the potential impact of arbitrary code execution.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Campcodes Online Matrimonial Website System Script v3.3
No auth needed
Prerequisites: Access to the file upload functionality
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 9.8
EPSS 0.0221
EPSS Percentile 84.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
campcodes/complete_online_matrimonial_website_system_script 3.3
Published Aug 16, 2023
Tracked Since Feb 18, 2026