PT-2023-29009 · Unknown · Prison Management System

Rootd4Ddy · Published 2023-10-04 · Updated 2023-10-07 · CVE-2023-43838

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Personal Management System version 1.4.64

Description: The issue allows attackers to execute arbitrary code by uploading a crafted SVG file as a user profile's avatar.

Recommendations: For Personal Management System version 1.4.64, consider disabling the file upload feature, specifically for SVG files, until a patch is available. Restrict access to the user profile's avatar upload functionality to minimize the risk of exploitation. Avoid using the file upload feature in user profiles until the issue is resolved.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related identifiers

CVE-2023-43838

Affected products

Prison Management System