CVE-2023-1442

Name of the Vulnerable Software and Affected Versions Meizhou Qingyunke QYKCMS version 4.3.0

Description A vulnerability was found in the Update Handler component of Meizhou Qingyunke QYKCMS, affecting an unknown part of the file /admin system/api.php. The manipulation of the downurl argument leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Meizhou Qingyunke QYKCMS version 4.3.0, consider disabling the Update Handler component or restricting access to the /admin system/api.php file until a patch is available. As a temporary workaround, avoid using the downurl argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.