PT-2023-30518 · Unknown · Guest Entries
Duncanmcclean
·
Published
2023-11-13
·
Updated
2023-11-21
·
CVE-2023-47621
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Guest Entries versions prior to 3.1.2
Description
The file uploads feature in Guest Entries did not prevent the upload of PHP files, which may lead to code execution on the server by authenticated users.
Recommendations
For versions prior to 3.1.2, upgrade to version 3.1.2 to fix the vulnerability. As a temporary workaround, consider disabling the file uploads feature until the upgrade is applied. Restrict access to the file uploads functionality to minimize the risk of exploitation.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Guest Entries