PT-2023-28287 · Lenosp · Lenosp

Kiki · Published 2023-09-14 · Updated 2023-09-19 · CVE-2023-42180

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

lenosp versions 1.0 through 1.2.0

Description

The issue allows attackers to execute HTML code via a crafted JPG file. This is achieved through an arbitrary file upload vulnerability in the /user/upload component.

Recommendations

For versions 1.0 through 1.2.0, consider disabling the /user/upload component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of arbitrary file uploads. Avoid using the component for uploading files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2023-42180

Affected Products

Lenosp