PT-2022-11661 · Unknown · Kreado Kreasfero

Vlynx · Published 2022-06-14 · Updated 2022-06-22 · CVE-2021-42675

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Kreado Kreasfero version 1.5

Description: Files uploaded to the media directory are not properly sanitized, which allows an attacker to upload a malicious PHP file and achieve remote code execution.

Recommendations: For version 1.5, implement proper file upload validation and sanitization to prevent the upload of malicious files, or restrict access to the media directory until a fix is available. As a temporary workaround, consider disabling file uploads to the media directory until the issue is resolved.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2021-42675

Affected Products

Kreado Kreasfero