PT-2023-26790 · Unknown · Campcodes Online Matrimonial Website System Script
Rajdip Dey Sarkar · Published 2023-08-16 · Updated 2023-08-22 · CVE-2023-39115
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Campcodes Online Matrimonial Website System Script version 3.3
Description
The "install/aiz-uploader/upload" endpoint does not adequately restrict the type of uploaded files (unrestricted file upload), so a crafted SVG document containing script can be uploaded and later rendered by a browser, resulting in cross-site scripting (XSS).
Recommendations
For version 3.3, consider disabling the "install/aiz-uploader/upload" endpoint until a patch is available, to prevent XSS attacks. Restrict access to this endpoint to minimize the risk of exploitation. Do not accept SVG documents at the affected endpoint until the issue is resolved.
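As an added example, not code from the advisory or from the Campcodes project, the following Python upload validator and response-header helper shows the kind of restriction the recommendations call for: SVG is rejected by content sniffing regardless of extension or declared type, accepted formats must match their magic bytes, and stored files are served as downloads with sniffing disabled. The raster-image allowlist, the size limit and the constructed sample SVG are assumptions.

```python
"""Defensive checks for an image uploader that must never accept SVG.

Assumptions (not from the advisory): the uploader only needs raster images,
and stored files are served back from the application's own origin.
"""
import xml.etree.ElementTree as ET

MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit; also bounds XML parsing cost

# Allowlist of raster formats and their magic bytes. SVG is deliberately absent.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}


def is_svg(data: bytes) -> bool:
    """True if the bytes parse as XML whose root element is <svg>, whatever the
    filename or Content-Type claims. A browser opening such a file directly
    renders it and runs any script it carries."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return False
    return root.tag.rsplit("}", 1)[-1].lower() == "svg"


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason): extension allowlisted, size bounded, SVG
    refused by sniffing, and content must match the extension's magic bytes."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in MAGIC:
        return False, f"extension '{ext}' not allowed"
    if len(data) > MAX_UPLOAD_BYTES:
        return False, "file too large"
    if is_svg(data):  # defence in depth: catches SVG even if an allowlist grows
        return False, "SVG content rejected regardless of extension"
    if not data.startswith(MAGIC[ext]):
        return False, f"content does not match a .{ext} file"
    return True, "ok"


def serving_headers(stored_name: str) -> dict[str, str]:
    """Headers for returning a stored file: force download, forbid MIME
    sniffing, and sandbox anything a browser still decides to render."""
    return {
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


# Constructed sample: an SVG carrying a (harmless, empty) script element.
CRAFTED_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
               b'<script>/* constructed marker */</script></svg>')
```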
Weakness Enumeration
Unrestricted File Upload
Affected Products
Campcodes Online Matrimonial Website System Script