CVE-2023-48031

Name of the Vulnerable Software and Affected Versions OpenSupports version 4.11.0

Description The issue allows an attacker to bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type in the comment function. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation.

Recommendations For OpenSupports version 4.11.0, as a temporary workaround, consider disabling the comment function until a patch is available. Restrict access to file upload operations to minimize the risk of exploitation. Avoid using the file upload feature in the comment section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.