Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/arrau/ | Exploit Third Party Advisory |
https://www.kashipara.com/ | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2024-01-04T14:24:34.938Z
Updated: 2024-01-04T14:24:34.938Z
Reserved: 2023-12-12T15:12:54.429Z
Link: CVE-2023-50760
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-04T15:15:09.387
Modified: 2024-01-10T01:13:05.217
Link: CVE-2023-50760
JSON object: View
Redhat Information
No data.
CWE