PT-2023-20048 · Unknown · Cleverstupiddog Yf-Exam

Cleverstupiddog

Publicado

2023-03-03

Atualizado

2023-03-10

CVE-2023-25402

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions CleverStupidDog yf-exam version 1.8.0

Description The issue concerns a lack of restriction on the suffix of uploaded files, allowing any file to be uploaded.

Recommendations For version 1.8.0, restrict access to the file upload feature until a proper fix is implemented to validate and restrict file types based on their suffix. As a temporary workaround, consider implementing server-side checks to only allow specific, safe file extensions to be uploaded.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2023-25402

Produtos afetados

Cleverstupiddog Yf-Exam

PT-2023-20048 · Unknown · Cleverstupiddog Yf-Exam

CVE-2023-25402

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5