PT-2019-13502 · Layerbb · Layerbb
Published 2019-07-19 · Updated 2019-07-19
CVE-2019-13973
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
LayerBB version 1.1.3
Description
The issue allows for arbitrary file upload in the admin/general.php file due to the lack of restriction on the custom logo filename suffix, enabling the use of .php suffixes.
Recommendations
For LayerBB version 1.1.3, restrict the custom logo filename suffix to prevent the use of .php extensions as a temporary workaround, and update to a newer version that addresses this issue once available.
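An allowlist check of the kind the workaround calls for, as an added PHP example that is not LayerBB's own code. The function name `store_logo`, the `LOGO_TYPES` map and the destination directory are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from LayerBB.
const LOGO_TYPES = [           // allowed suffix => expected MIME type
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
];

/**
 * Validate an uploaded logo and store it under a server-generated name.
 * $file is one entry of $_FILES; $destDir is an assumed upload directory.
 * Returns the stored filename, or throws RuntimeException on rejection.
 */
function store_logo(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }

    // Use only the final suffix of the client-supplied name, case-folded,
    // and accept it only if it is on the allowlist (so .php, .PHP, .phtml fail).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, LOGO_TYPES)) {
        throw new RuntimeException('File type not allowed');
    }

    // The sniffed content type must match the suffix and parse as an image.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== LOGO_TYPES[$ext] || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not a valid image');
    }

    // Never reuse the client filename: generate one, keep the vetted suffix.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}
```

An allowlist is used rather than a `.php` blocklist because a blocklist misses other executable suffixes and case variants. Serving the upload directory with script execution disabled limits the impact if a check is bypassed.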
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related identifiers
Affected products
Layerbb