CVE-2023-1721

Published Jun 24, 2023

Last updated a year ago

Overview

Description
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
Source
help@fluidattacks.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

nvd@nist.gov
CWE-434
help@fluidattacks.com
CWE-434

Social media

Hype score
Not currently trending

Configurations