PT-2023-32798 · Saysky · Sayski Forestblog

Daylightqc

Publicado

2023-12-17

Atualizado

2024-05-17

CVE-2023-6887

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions saysky ForestBlog up to 20220630

Description A critical issue has been found in the Image Upload Handler component, affecting the /admin/upload/img file. The manipulation of the filename argument leads to unrestricted upload. This issue can be initiated remotely.

Recommendations For saysky ForestBlog up to 20220630, consider restricting access to the Image Upload Handler component to minimize the risk of exploitation. Avoid using the filename argument in the /admin/upload/img file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2023-6887

Produtos afetados

Sayski Forestblog

PT-2023-32798 · Saysky · Sayski Forestblog

CVE-2023-6887

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7