CVE-2019-8433

Name of the Vulnerable Software and Affected Versions JTBC(PHP) version 3.0.1.8

Description The issue allows for Arbitrary File Upload. This can be achieved via the "/console/#/console/file/manage.php?type=list" API endpoint. An example of exploitation includes uploading a .php file.

Recommendations For version 3.0.1.8, consider restricting access to the "/console/#/console/file/manage.php?type=list" API endpoint to prevent arbitrary file uploads until a fix is available. Additionally, as a temporary workaround, consider implementing validation and sanitization of uploaded files to minimize the risk of exploitation.