CVE-2023-43740— Online Book Store Project v1.0 - Insecure File Upload
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-43740
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Online Book Store Project v1.0 - Insecure File Upload
Source: NVD (National Vulnerability Database)
Vulnerability Description
Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
危险类型文件的不加限制上传
Source: NVD (National Vulnerability Database)
Vulnerability Title
Projectworlds Online Book Store Project In Php 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Projectworlds Online Book Store Project In Php是奥地利Projectworlds公司的一个基于Php的在线书店系统。 Projectworlds Online Book Store Project In Php v1.0版本存在代码问题漏洞,该漏洞源于容易受到不安全文件上传漏洞的影响,从而允许经过身份验证的攻击者在托管应用程序的服务器上获取远程代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Online Book Store Project | Online Book Store Project | 1.0 | - |
II. Public POCs for CVE-2023-43740
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-43740
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-434
- CVE-2021-47943
TextPattern CMS 4.8.7 Remote Code Execution via File Upload - CVE-2021-47937
e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme - CVE-2026-41517
Emlog: Remote Code Execution via Malicious Plugin Upload - CVE-2026-6692
Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber - CVE-2026-41587
CI4MS: Unrestricted PHP File Upload via Theme Installation L
V. Comments for CVE-2023-43740
No comments yet