CVE-2023-5284

MEDIUM

Engineers Online Portal - Unrestricted File Upload

Title source: rule

Description

A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file upload_save_student.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240912.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.240912

Permissions Required, Third Party Advisory, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.240912

Exploit exploit

https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20upload_save_student.php%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf

View Exploit ZIP pw:eip

Scores

CVSS v3 6.3

EPSS 0.0021

EPSS Percentile 43.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (1)

engineers_online_portal_project/engineers_online_portal 1.0

Published Sep 29, 2023

Tracked Since Feb 18, 2026