PT-2023-25519 · Typecho · Typecho
Faithpatrick
·
Publicado
2023-08-03
·
Atualizado
2023-08-07
·
CVE-2023-36299
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
typecho version 1.2.1
Description
A File Upload issue allows a remote attacker to execute arbitrary code via the
upload and options-general parameters in "index.php".Recommendations
For typecho version 1.2.1, as a temporary workaround, consider restricting access to the "index.php" endpoint and limiting the use of the
upload and options-general parameters until a patch is available.Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Typecho