PT-2023-12256 · Unknown+1 · Yupoxion Bearadmin+1
Szfsiro
·
Publicado
2023-02-17
·
Atualizado
2025-03-18
·
CVE-2021-35261
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075
Description
The issue allows an attacker to execute arbitrary remote code via the
Upfile function of the "extend/tools/Ueditor" endpoint. This enables remote code execution, potentially leading to severe security consequences.Recommendations
For Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075, consider disabling the
Upfile function of the extend/tools/Ueditor endpoint as a temporary workaround until a patch is available. Restrict access to the extend/tools/Ueditor endpoint to minimize the risk of exploitation.Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ueditor
Yupoxion Bearadmin