nvd-json-data-feeds/CVE-2021/CVE-2021-416xx/CVE-2021-41644.json

{
  "id": "CVE-2021-41644",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-10-29T17:15:07.643",
  "lastModified": "2021-11-02T18:49:45.500",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota (RCE) en Sourcecodester Online Food Ordering System versi\u00f3n 2.0, por medio de un archivo PHP dise\u00f1ado maliciosamente que omite los filtros de carga de im\u00e1genes"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEEB043-764B-4A7C-B6BB-E5B2A2E74141"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.exploit-db.com/exploits/50305",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2021-41644",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2021-10-29T17:15:07.643",`
			`"lastModified": "2021-11-02T18:49:45.500",`
			`"vulnStatus": "Analyzed",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "Se presenta una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota (RCE) en Sourcecodester Online Food Ordering System versi\u00f3n 2.0, por medio de un archivo PHP dise\u00f1ado maliciosamente que omite los filtros de carga de im\u00e1genes"`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 9.8,`
			`"baseSeverity": "CRITICAL"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 5.9`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",`
			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "PARTIAL",`
			`"integrityImpact": "PARTIAL",`
			`"availabilityImpact": "PARTIAL",`
			`"baseScore": 7.5`
			`},`
			`"baseSeverity": "HIGH",`
			`"exploitabilityScore": 10.0,`
			`"impactScore": 6.4,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-434"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:2.0:::::::*",`
			`"matchCriteriaId": "8DEEB043-764B-4A7C-B6BB-E5B2A2E74141"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://www.exploit-db.com/exploits/50305",`
			`"source": "cve@mitre.org",`
			`"tags": [`
			`"Exploit",`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`}`
			`]`
			`}`