PT-2022-3952 · Unknown · Ossn Open Source Social Network

Published

2022-07-25

·

Updated

2024-08-03

·

CVE-2022-34965

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Open Source Social Network version 6.3 LTS
Description

Open Source Social Network (OSSN) 6.3 LTS contains an arbitrary file upload vulnerability in its component installer at /ossn/administrator/com. An authenticated administrator can upload a crafted PHP file through the installer and have the web server execute it, which yields arbitrary code execution on the host. The CVSS vector (Au:S) reflects that the attacker must hold an administrator account: the issue turns any compromised, phished or otherwise abused admin credential into full control of the server. The project owner considers this behaviour intended, since only authenticated administrators can upload files, so an upstream fix is unlikely.
Recommendations

For version 6.3 LTS, restrict who can reach the /ossn/administrator/ area, and the /ossn/administrator/com installer in particular, at the web server or network level (an IP allowlist, VPN-only access, or an additional authentication layer in front of the path), so that the installer is not exposed to the whole internet even though the application itself already requires an administrator login. If third-party components are not needed, disable or remove the installer's upload functionality. Because the maintainer treats the behaviour as intended, do not wait for an upstream patch; instead treat every administrator account as equivalent to shell access on the server: keep the number of admin accounts minimal, enforce strong, unique passwords and multi-factor authentication where the deployment supports it, and review web server logs for requests to the installer that you did not make yourself.
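The access restriction recommended above, as an added nginx configuration example that is not part of this advisory or of the OSSN project. It assumes a hypothetical deployment: OSSN lives in /var/www/ossn and is served under the /ossn/ prefix, administrators connect from the 10.20.0.0/24 network, PHP-FPM listens on /run/php/php-fpm.sock, and an htpasswd file at /etc/nginx/ossn-admin.htpasswd holds the extra credential. The administrator area, including the /ossn/administrator/com installer, is reachable only from the allowlisted network and only after a second authentication step, while the rest of the site stays public.

```nginx
# Added hardening example for CVE-2022-34965 (not OSSN project code).
# Paths, networks and socket locations below are assumptions for illustration.
server {
    listen      443 ssl;
    server_name social.example.org;          # assumed hostname
    root        /var/www;                    # OSSN is unpacked to /var/www/ossn
    index       index.php;

    # Everything under /ossn/administrator/ (the component installer included)
    # is limited to the admin network AND a second credential. nginx applies
    # allow/deny and auth_basic in the access phase, before any rewrite to
    # index.php, so the front-controller routing cannot bypass the check.
    location ^~ /ossn/administrator/ {
        allow 10.20.0.0/24;                  # assumed admin network
        deny  all;

        auth_basic           "OSSN administration";
        auth_basic_user_file /etc/nginx/ossn-admin.htpasswd;

        # OSSN routes requests through its front controller; keep that
        # behaviour once the access checks have passed.
        try_files $uri $uri/ /ossn/index.php?$args;
    }

    # Public part of the site.
    location / {
        try_files $uri $uri/ /ossn/index.php?$args;
    }

    location ~ \.php$ {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass  unix:/run/php/php-fpm.sock;
    }
}
```

Both checks are required (nginx's default `satisfy all`), so a leaked admin password alone is not enough to reach the installer from outside the allowlisted network. Reload nginx after checking the configuration with `nginx -t`, and confirm from an address outside 10.20.0.0/24 that /ossn/administrator/com now returns 403.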

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

BDU:2022-04784
CVE-2022-34965

Affected Products

Ossn Open Source Social Network