{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-1479","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-03-18T08:25:06.796Z","datePublished":"2023-03-18T08:25:39.933Z","dateUpdated":"2024-08-02T05:49:11.414Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-10-21T09:18:10.284Z"},"title":"SourceCodester Simple Music Player save_music.php unrestricted upload","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-434","lang":"en","description":"CWE-434 Unrestricted Upload"}]}],"affected":[{"vendor":"SourceCodester","product":"Simple Music Player","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in SourceCodester Simple Music Player 1.0. Affected is an unknown function of the file save_music.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223362 is the identifier assigned to this vulnerability."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in SourceCodester Simple Music Player 1.0 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei save_music.php. Durch das Manipulieren des Arguments filename mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2023-03-18T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-03-18T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-03-18T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-04-11T16:27:27.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Xue Yue (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.223362","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.223362","tags":["signature","permissions-required"]},{"url":"https://github.com/xyaly163/bug_report/blob/main/UPLOAD.md","tags":["exploit"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:49:11.414Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.223362","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.223362","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/xyaly163/bug_report/blob/main/UPLOAD.md","tags":["exploit","x_transferred"]}]}]}}