External Control of File Name or Path

CVE-2023-4749

Medium

6.3/10

Summary

A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-73 - External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.

References

Advisory Timeline

Published Sep 04, 2023

External Control of File Name or Path

CVE-2023-4749

Summary

CWE-73 - External Control of File Name or Path

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS