PT-2022-15959 · Wikidocs · Wikidocs

Nam3Lumo · Published 2022-02-19 · Updated 2022-03-01 · CVE-2022-23375

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WikiDocs version 0.1.18

Description

The issue allows authenticated remote code execution. The image upload form, reached through the "index.php" endpoint, is vulnerable to malicious file uploads: an attacker can upload a malicious file through it and use that file to execute arbitrary code.

Recommendations

For WikiDocs version 0.1.18, consider disabling the image upload functionality through the "index.php" endpoint until a patch is available. Restrict access to the image upload form to minimize the risk of remote code execution.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-23375

Affected Products

Wikidocs