PT-2023-18910 · Avantfax · Avantfax
Harold Rodriguez · Published 2023-03-10 · Updated 2025-03-04 · CVE-2023-23328
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
AvantFAX version 3.3.7
Description
A File Upload issue exists, allowing an authenticated user to bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.
Recommendations
For AvantFAX version 3.3.7, consider disabling the file upload functionality in FileUpload.php until a patch is available to prevent exploitation. Restrict access to the FileUpload.php module to minimize the risk of uploading specially crafted PHP files.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Avantfax