PT-2018-9535 · Bludit · Bludit
Bousalman
·
Publicado
2018-12-20
·
Atualizado
2019-01-07
·
CVE-2018-1000811
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
bludit version 3.0.0
Description
The issue allows for Unrestricted Upload of File with Dangerous Type, which can lead to Remote Command Execution. This can be exploited by a malicious user uploading a crafted payload containing PHP code.
Recommendations
For bludit version 3.0.0, update to a version that contains a fix for this issue to prevent Remote Command Execution. As a temporary workaround, consider restricting access to the Content Upload feature in the Pages Editor to minimize the risk of exploitation.
Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bludit