CVE-2019-12548

Name of the Vulnerable Software and Affected Versions Bludit versions prior to 3.9.0

Description The issue allows remote code execution for an authenticated user. This can be achieved by uploading a php file while changing the logo through the /admin/ajax/upload-logo API endpoint.

Recommendations For versions prior to 3.9.0, update to version 3.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the /admin/ajax/upload-logo API endpoint until the update is applied.