CVE-2024-5745

HIGH

Bakery Online Ordering System - Unrestricted File Upload

Title source: rule

Description

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-267414 is the identifier assigned to this vulnerability.

References (4)

Core 4

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.267414

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.267414

Third Party Advisory third-party-advisory

https://vuldb.com/?submit.351827

Exploit exploit

https://github.com/L1OudFd8cl09/CVE/blob/main/07_06_2024_a.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.3

EPSS 0.0014

EPSS Percentile 33.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (1)

bakery_online_ordering_system_project/bakery_online_ordering_system 1.0

Published Jun 07, 2024

Tracked Since Feb 18, 2026