PT-2023-21361 · Bloofox · Bloofox

Jspring996

·

Publicado

2023-04-13

·

Atualizado

2023-12-22

·

CVE-2023-27812

CVSS v3.1

9.1

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions bloofox version 0.5.2
Description The issue is related to an arbitrary file deletion vulnerability. This vulnerability can be exploited via the delete file() function.
Recommendations For bloofox version 0.5.2, consider disabling the delete file() function until a patch is available to prevent potential exploitation.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2023-27812

Produtos afetados

Bloofox