Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Wedding Planner v1.0 is vulnerable to arbitrary code execution.
AnalysisAI
Wedding Planner v1.0 is vulnerable to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
Wedding Planner v1.0 is vulnerable to arbitrary code execution. Affected products include: Wedding Planner Project Wedding Planner.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Wedding Planner
View allWedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.ph
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budg
Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.
Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Manageme
Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php. Rated high severity (CVSS 8.8), thi
Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. Rated high severity (CVSS 8.8), th
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php.
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit
Share
External POC / Exploit Code
Leaving vuln.today