Headline
CVE-2023-36119: NVD - CVE-2023-0527
File upload vulnerability in PHPGurukul Online Security Guards Hiring System v.1.0 allows a remote attacker to execute arbitrary code via a crafted php file to the \osghs\admin\images file.
Description
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input "><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596.
Severity
CVSS 3.x Severity and Metrics:
NIST: NVD
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CNA: VulDB
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA.
Note: It is possible that the NVD CVSS may not match that of the CNA. The most common reason for this is that publicly available information does not provide sufficient detail or that information simply was not available at the time the CVSS vector string was assigned.
Weakness Enumeration
CWE-ID
CWE Name
Source
CWE-79
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
VulDB
Known Affected Software Configurations Switch to CPE 2.2
Change History
2 change records found show changes