PT-2023-26497 · Openrapid · Openrapid Rapidcms

Txph

Published: 2023-07-23 · Updated: 2024-09-21 · CVE-2023-3852

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

OpenRapid RapidCMS versions up to 1.3.1

Description

A critical issue affects the file /admin/upload.php, where the manipulation of the file argument leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations

To fix this issue, apply the patch with the name 4dff387283060961c362d50105ff8da8ea40bcbe. As a temporary workaround, consider restricting access to the /admin/upload.php file until the patch is applied. Avoid using the file argument in the affected file until the issue is resolved.

Exploit

Fix

Unrestricted File Upload


Weakness Enumeration

Related identifiers

CVE-2023-3852

Affected products

Openrapid Rapidcms