Description

A flaw has been found in code-projects Online Product Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /handgunner-administrator/prod.php. Executing manipulation can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used.

Related CPE's

Could not find any relations

References

https://code-projects.org/

https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/file_upload_prod.php.md

https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/file_upload_prod.php.md#poc

https://vuldb.com/?ctiid.339461

https://vuldb.com/?id.339461

https://vuldb.com/?submit.731015

Weaknesses

[email protected]

Primary
CWE-284CWE-434

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2026-01-04T09:15:41.177Z

2 days ago

Last modified

2026-01-04T09:15:41.177Z

2 days ago