PT-2026-3476 · Hotcrp · Hotcrp

Cyanpencil · Published 2026-01-19 · Updated 2026-01-21 · CVE-2026-23836

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: HotCRP version 3.1

Description: HotCRP is conference review software. A flaw introduced in April 2024 in version 3.1 allows users to trigger the execution of arbitrary PHP code due to inadequately sanitized code generation for HotCRP formulas. The issue grants remote code execution with user privileges.

Recommendations: Update HotCRP to version 3.2.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2026-23836
GHSA-HPQH-J6QX-X57H

Affected Products

Hotcrp