PT-2019-13819 · Leaf · Leaf Admin

Velocista

Publicado

2019-08-15

Atualizado

2019-08-20

CVE-2019-14755

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Leaf Admin version 61.9.0212.10

Description The issue concerns the profile photo upload feature, which allows the unrestricted upload of files with dangerous types.

Recommendations For Leaf Admin version 61.9.0212.10, consider restricting the types of files that can be uploaded through the profile photo upload feature to prevent potential exploitation. As a temporary workaround, consider disabling the profile photo upload feature until a more robust fix is available.

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2019-14755

Produtos afetados

Leaf Admin

PT-2019-13819 · Leaf · Leaf Admin

CVE-2019-14755

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5