PT-2023-20048 · Unknown · Cleverstupiddog Yf-Exam
Cleverstupiddog · Published 2023-03-03 · Updated 2023-03-10 · CVE-2023-25402
| CVSS v3.1 | 7.5 High |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
CleverStupidDog yf-exam version 1.8.0
Description
The issue concerns a lack of restriction on the suffix of uploaded files, allowing any file to be uploaded.
Recommendations
For version 1.8.0, restrict access to the file upload feature until a proper fix is implemented to validate and restrict file types based on their suffix. As a temporary workaround, consider implementing server-side checks to only allow specific, safe file extensions to be uploaded.
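A sketch of the server-side suffix check recommended above, added here as an example; it is not yf-exam's code. The allow-list contents and the names `checked_extension`, `storage_name` and `UploadRejected` are assumptions, and Python is used only as a neutral language for the logic.

```python
import uuid

# Assumed allow-list: keep only the types the upload feature really needs.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "docx", "xlsx"}


class UploadRejected(ValueError):
    """Raised when a client-supplied filename fails validation."""


def checked_extension(client_filename: str) -> str:
    """Return the lower-cased extension if the name passes the allow-list."""
    # Control characters (including NUL) can truncate or split the name downstream.
    if not client_filename or any(ord(c) < 32 or ord(c) == 127 for c in client_filename):
        raise UploadRejected("empty name or control character")
    # Drop any directory part sent by the client, for both separator styles.
    name = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Some filesystems ignore trailing dots and spaces, so "x.html." could be
    # stored as "x.html" even though its apparent suffix is empty.
    if name != name.rstrip(". "):
        raise UploadRejected("trailing dot or space")
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:
        raise UploadRejected("no extension")
    # Refuse stacked extensions ("x.html.png"); a handler that maps on any
    # segment of the name could otherwise pick up the inner one.
    if "." in stem:
        raise UploadRejected("more than one extension")
    ext = ext.lower()  # the comparison is case-insensitive: "PNG" equals "png"
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    return ext


def storage_name(client_filename: str) -> str:
    """Server-generated name; only the validated extension comes from the client."""
    return f"{uuid.uuid4().hex}.{checked_extension(client_filename)}"
```

The suffix check only constrains the name; storing uploads outside any directory the server executes or interprets, under the generated name, limits what a mislabelled file can do.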
Unrestricted File Upload
Affected Products
Cleverstupiddog Yf-Exam