PT-2023-32333 · Unknown · Codeastro Pos System

W3Bspl01T3R

Publicado

2023-10-26

Atualizado

2024-05-17

CVE-2023-5795

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CodeAstro POS System version 1.0

Description A critical issue has been found in the CodeAstro POS System, affecting an unknown functionality of the file /profil of the component Profile Picture Handler. This issue leads to unrestricted upload and can be exploited remotely. The exploit has been disclosed to the public.

Recommendations For CodeAstro POS System version 1.0, consider disabling the Profile Picture Handler component until a patch is available to prevent unrestricted upload. Restrict access to the /profil file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2023-5795

Produtos afetados

Codeastro Pos System

PT-2023-32333 · Unknown · Codeastro Pos System

CVE-2023-5795

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8