PT-2022-17957 · Unknown · Halo Blog Cms

Ziping21

Published

2022-04-05

Updated

2022-04-12

CVE-2022-26619

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Halo Blog CMS version 1.4.17

Description The issue allows attackers to upload arbitrary files via the Attachment Upload function. This can potentially lead to unauthorized access or malicious activities on the system.

Recommendations For Halo Blog CMS version 1.4.17, consider disabling the Attachment Upload function until a patch is available to prevent arbitrary file uploads. Restrict access to the upload functionality to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-26619

Affected Products

Halo Blog Cms

PT-2022-17957 · Unknown · Halo Blog Cms

CVE-2022-26619

Weakness Enumeration

Related Identifiers

Affected Products

References · 4