{"api_version":"1","generated_at":"2026-04-26T07:14:52+00:00","cve":"CVE-2023-1722","urls":{"html":"https://cve.report/CVE-2023-1722","api":"https://cve.report/api/cve/CVE-2023-1722.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-1722","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-1722"},"summary":{"title":"CVE-2023-1722","description":"Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.","state":"PUBLIC","assigner":"help@fluidattacks.com","published_at":"2023-06-24 02:15:00","updated_at":"2023-06-30 07:31:00"},"problem_types":["CWE-352"],"metrics":[],"references":[{"url":"https://fluidattacks.com/advisories/wyckoff/","name":"https://fluidattacks.com/advisories/wyckoff/","refsource":"MISC","tags":[],"title":"Yoga Class Registration System 1.0 - ATO | Advisories | Fluid Attacks","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html","name":"https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html","refsource":"MISC","tags":[],"title":"Yoga Class Registration System in PHP and MySQL Free Source Code | Free Source Code Projects and Tutorials","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-1722","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1722","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"1722","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"yoga_class_registration_system_project","cpe5":"yoga_class_registration_system","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-1722","ASSIGNER":"help@fluidattacks.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.\n\n\n\n\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-352 Cross-Site Request Forgery (CSRF)","cweId":"CWE-352"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Yoga Class Registration System","product":{"product_data":[{"product_name":"Yoga Class Registration System","version":{"version_data":[{"version_affected":"=","version_value":"1.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://fluidattacks.com/advisories/wyckoff/","refsource":"MISC","name":"https://fluidattacks.com/advisories/wyckoff/"},{"url":"https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html","refsource":"MISC","name":"https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"EXTERNAL"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-06-24 02:15:00","lastModifiedDate":"2023-06-30 07:31:00","problem_types":["CWE-352"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:yoga_class_registration_system_project:yoga_class_registration_system:1.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}