Simple And Nice Shopping Cart Script
CVE-2023-44061
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component.
AnalysisAI
File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. Affected products include: Simple And Nice Shopping Cart Script Project Simple And Nice Shopping Cart Script.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Rated critical
A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. Rated high severity (CVSS 8.8), this v
A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Rat
A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. Rated critical severity (CVSS 9.8)
SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 enables remote, unauthenticated attackers to ma
SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 exposes the admin login interface to remote una
A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unkn
SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 allows unauthenticated remote attackers to mani
Share
External POC / Exploit Code
Leaving vuln.today