PT-2017-10931 · Invoiceplane · Invoiceplane

Publicado

2017-11-17

Atualizado

2017-11-30

CVE-2017-1000238

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions InvoicePlane version 1.4.10

Description The issue allows an authenticated user to upload malicious files to the webserver, potentially compromising it. An attacker can upload a script that could lead to the webserver being compromised.

Recommendations For InvoicePlane version 1.4.10, consider restricting file upload capabilities to prevent malicious file uploads until a fix is available. As a temporary workaround, limit the types of files that can be uploaded to the webserver to minimize the risk of exploitation.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2017-1000238

Produtos afetados

Invoiceplane

PT-2017-10931 · Invoiceplane · Invoiceplane

CVE-2017-1000238

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3