CVE-2023-27397

Name of the Vulnerable Software and Affected Versions MicroEngine Mailform versions 1.1.0 through 1.1.8 PostgreSQL (affected versions not specified)

Description The issue allows for the unrestricted upload of files with dangerous types. If the file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. A serious flaw in PostgreSQL is being actively exploited, which could lead to potential data breaches and system compromises.

Recommendations For MicroEngine Mailform versions 1.1.0 through 1.1.8, consider disabling the file upload function and server save option until a patch is available. For PostgreSQL, update your systems immediately to protect against potential data breaches and system compromises. As a temporary workaround, restrict access to sensitive areas of the server to minimize the risk of exploitation.