PT-2023-19069 · Erohtar · Dasherr

Beauknowstech

Publicado

2023-01-20

Atualizado

2023-02-03

CVE-2023-23607

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions erohtar/Dasherr versions prior to 1.05.00

Description The issue allows any unauthenticated user to execute arbitrary code on the server due to unrestricted file upload. The file /www/include/filesave.php enables uploading files to anywhere on the server. If an attacker uploads a php file, they can execute code on the server.

Recommendations For versions prior to 1.05.00, upgrade to version 1.05.00 to address the issue. As a temporary workaround, consider restricting access to the /www/include/filesave.php file to prevent unauthorized file uploads. Additionally, avoid uploading php files to the server until the issue is resolved.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2023-23607

GHSA-6RGC-2X44-7PHQ

Produtos afetados

Dasherr

PT-2023-19069 · Erohtar · Dasherr

CVE-2023-23607

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8