A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the argument folder leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
History

Tue, 27 Aug 2024 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Rems; Rems zipped Folder Manager App
CPEs | | cpe:2.3:a:rems:zipped_folder_manager_app:1.0:*:*:*:*:*:*:*
Vendors & Products | | Rems; Rems zipped Folder Manager App

Mon, 26 Aug 2024 18:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sourcecodester; Sourcecodester zipped Folder Manager App
CPEs | | cpe:2.3:a:sourcecodester:zipped_folder_manager_app:1.0:*:*:*:*:*:*:*
Vendors & Products | | Sourcecodester; Sourcecodester zipped Folder Manager App
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 26 Aug 2024 15:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the argument folder leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Title | | SourceCodester Zipped Folder Manager App add-folder.php unrestricted upload
Weaknesses | | CWE-434
References | |
Metrics | | cvssV2_0 {'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P'}
 | | cvssV3_0 {'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}
 | | cvssV3_1 {'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}
 | | cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-08-26T15:31:05.067Z

Updated: 2024-08-26T17:42:52.280Z

Reserved: 2024-08-26T07:40:42.557Z

Link: CVE-2024-8170

Vulnrichment

Updated: 2024-08-26T17:42:41.533Z

NVD

Status: Analyzed

Published: 2024-08-26T16:15:11.007

Modified: 2024-08-27T16:02:50.577

Link: CVE-2024-8170

Redhat

No data.