PT-2023-30518 · Unknown · Guest Entries

Duncanmcclean

Publicado

2023-11-13

Atualizado

2023-11-21

CVE-2023-47621

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Guest Entries versions prior to 3.1.2

Description The file uploads feature in Guest Entries did not prevent the upload of PHP files, which may lead to code execution on the server by authenticated users.

Recommendations For versions prior to 3.1.2, upgrade to version 3.1.2 to fix the vulnerability. As a temporary workaround, consider disabling the file uploads feature until the upgrade is applied. Restrict access to the file uploads functionality to minimize the risk of exploitation.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2023-47621

GHSA-RW82-MHMX-GRMJ

Produtos afetados

Guest Entries

PT-2023-30518 · Unknown · Guest Entries

CVE-2023-47621

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9