CVE-2024-2058

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-2058
A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/product.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255373 was assigned to this vulnerability.

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md Broken Link
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md Broken Link
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md Broken Link
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md Broken Link
https://vuldb.com/?ctiid.255373 Permissions Required VDB Entry
https://vuldb.com/?ctiid.255373 Permissions Required VDB Entry
https://vuldb.com/?id.255373 Third Party Advisory VDB Entry
https://vuldb.com/?id.255373 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:mayurik:petrol_pump_management:1.0:*:*:*:*:*:*:*
History

10 Dec 2024, 23:23

Type Values Removed Values Added
CPE cpe:2.3:a:mayurik:petrol_pump_management:1.0:*:*:*:*:*:*:*
CWE CWE-434
References () https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md - () https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md - Broken Link
References () https://vuldb.com/?ctiid.255373 - () https://vuldb.com/?ctiid.255373 - Permissions Required, VDB Entry
References () https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md - () https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md - Broken Link
References () https://vuldb.com/?id.255373 - () https://vuldb.com/?id.255373 - Third Party Advisory, VDB Entry
First Time Mayurik petrol Pump Management
Mayurik
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.2

01 Mar 2024, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-01 11:15

Updated : 2024-12-10 23:23

NVD link : CVE-2024-2058

Mitre link : CVE-2024-2058

JSON object : View

Products Affected

mayurik

  • petrol_pump_management
CWE

No CWE.