{"api_version":"1","generated_at":"2026-04-26T07:14:46+00:00","cve":"CVE-2023-1721","urls":{"html":"https://cve.report/CVE-2023-1721","api":"https://cve.report/api/cve/CVE-2023-1721.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-1721","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-1721"},"summary":{"title":"CVE-2023-1721","description":"Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.","state":"PUBLIC","assigner":"help@fluidattacks.com","published_at":"2023-06-24 00:15:00","updated_at":"2023-06-30 07:35:00"},"problem_types":["CWE-434"],"metrics":[],"references":[{"url":"https://fluidattacks.com/advisories/blessd/","name":"https://fluidattacks.com/advisories/blessd/","refsource":"MISC","tags":[],"title":"Yoga Class Registration System 1.0 - RCE | Advisories | Fluid Attacks","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html","name":"https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html","refsource":"MISC","tags":[],"title":"Yoga Class Registration System in PHP and MySQL Free Source Code | Free Source Code Projects and Tutorials","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-1721","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1721","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"1721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"yoga_class_registration_system_project","cpe5":"yoga_class_registration_system","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-1721","ASSIGNER":"help@fluidattacks.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.\n\n\n\n\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-434 Unrestricted Upload of File with Dangerous Type","cweId":"CWE-434"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Yoga Class Registration System","product":{"product_data":[{"product_name":"Yoga Class Registration System","version":{"version_data":[{"version_affected":"=","version_value":"1.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://fluidattacks.com/advisories/blessd/","refsource":"MISC","name":"https://fluidattacks.com/advisories/blessd/"},{"url":"https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html","refsource":"MISC","name":"https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"EXTERNAL"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-06-24 00:15:00","lastModifiedDate":"2023-06-30 07:35:00","problem_types":["CWE-434"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:yoga_class_registration_system_project:yoga_class_registration_system:1.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}