PT-2019-13176 · Symphony Cms · Symphony Cms Rich Text Formatter (Redactor) Extension
Published 2019-09-05 · Updated 2019-09-06 · CVE-2019-13187
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Symphony CMS Rich Text Formatter (Redactor) extension versions through 1.1.1
Description
The issue is an unauthenticated arbitrary file upload vulnerability. It is present in the content.fileupload.php and content.imageupload.php files.
Recommendations
For Symphony CMS Rich Text Formatter (Redactor) extension versions through 1.1.1, consider disabling the file upload functionality in content.fileupload.php and content.imageupload.php until a patch is available. Restrict access to these files to minimize the risk of exploitation.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related identifiers
Affected products
Symphony Cms Rich Text Formatter (Redactor) Extension