CVE-2023-3800

Name of the Vulnerable Software and Affected Versions EasyAdmin8 version 2.0.2.2

Description A vulnerability has been found in the File Upload Module of EasyAdmin8, affecting an unknown function of the file /admin/index/index.html#/admin/mall.goods/index.html. This issue leads to unrestricted upload. The complexity of an attack is rather high, and the exploitability is difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond.

Recommendations For EasyAdmin8 version 2.0.2.2, as a temporary workaround, consider disabling the File Upload Module until a patch is available. Restrict access to the /admin/index/index.html#/admin/mall.goods/index.html file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.