PT-2023-28318 · Elitecms · Elitecms
Num-Nine
·
Publicado
2023-09-20
·
Atualizado
2023-10-13
·
CVE-2023-42331
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
EliteCMS version 1.01
Description
A file upload vulnerability allows a remote attacker to execute arbitrary code via the manage uploads.php component.
Recommendations
For EliteCMS version 1.01, consider disabling the file upload functionality in the manage uploads.php component until a patch is available. Restrict access to the manage uploads.php component to minimize the risk of exploitation.
Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Elitecms