PT-2023-20879 · Atrocore · Atrocore

Published: 2023-03-29 · Updated: 2025-02-18 · CVE-2023-26968

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Atrocore version 1.5.25

Description

The Create Import Feed option with the glyphicon-glyphicon-paperclip function in Atrocore is vulnerable to unauthenticated file upload. This issue allows unauthorized users to upload files without proper authentication.

Recommendations

For Atrocore version 1.5.25, consider disabling the Create Import Feed option with the glyphicon-glyphicon-paperclip function until a patch is available to prevent unauthenticated file uploads. Restrict access to this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2023-26968

Affected Products

Atrocore