PT-2023-18910 · Avantfax · Avantfax

Harold Rodriguez · Published 2023-03-10 · Updated 2025-03-04 · CVE-2023-23328

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AvantFAX version 3.3.7

Description

A File Upload issue exists, allowing an authenticated user to bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.

Recommendations

For AvantFAX version 3.3.7, consider disabling the file upload functionality in FileUpload.php until a patch is available to prevent exploitation. Restrict access to the FileUpload.php module to minimize the risk of uploading specially crafted PHP files.

Exploit

Fix

Unrestricted File Upload


Weakness Enumeration

Related identifiers

CVE-2023-23328

Affected products

Avantfax