PT-2023-31813 · Unknown · Piotnet Forms

Rafie Muhammad

Publicado

2023-12-29

Atualizado

2024-01-05

CVE-2023-51412

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Piotnet Forms versions 1.0.25 and earlier

Description The issue is related to an Unrestricted Upload of File with Dangerous Type. This allows for the upload of files with potentially dangerous types, which could lead to security issues.

Recommendations For versions 1.0.25 and earlier, consider restricting file uploads to only allow safe file types until a patch is available. As a temporary workaround, consider disabling file upload functionality in Piotnet Forms until a patch is available. Restrict access to the file upload module to minimize the risk of exploitation.

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2023-51412

Produtos afetados

Piotnet Forms

PT-2023-31813 · Unknown · Piotnet Forms

CVE-2023-51412

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7