PT-2023-32855 · Unknown · Phpgurukul Online Notes Sharing System

Dhabaleshwar

Publicado

2023-12-22

Atualizado

2024-05-17

CVE-2023-7054

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Notes Sharing System version 1.0

Description A problematic issue affects the processing of the file /user/add-notes.php, leading to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For PHPGurukul Online Notes Sharing System version 1.0, consider restricting access to the /user/add-notes.php file until a patch is available. As a temporary workaround, avoid using the file /user/add-notes.php for uploading notes to minimize the risk of exploitation.

Exploit

Correção

XSS

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79CWE-434

Identificadores relacionados

CVE-2023-7054

Produtos afetados

Phpgurukul Online Notes Sharing System

PT-2023-32855 · Unknown · Phpgurukul Online Notes Sharing System

CVE-2023-7054

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7