PT-2023-31813 · Unknown · Piotnet Forms

Rafie Muhammad

Published

2023-12-29

Updated

2024-01-05

CVE-2023-51412

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Piotnet Forms versions 1.0.25 and earlier

Description The issue is related to an Unrestricted Upload of File with Dangerous Type. This allows for the upload of files with potentially dangerous types, which could lead to security issues.

Recommendations For versions 1.0.25 and earlier, consider restricting file uploads to only allow safe file types until a patch is available. As a temporary workaround, consider disabling file upload functionality in Piotnet Forms until a patch is available. Restrict access to the file upload module to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2023-51412

Affected Products

Piotnet Forms

PT-2023-31813 · Unknown · Piotnet Forms

CVE-2023-51412

Weakness Enumeration

Related Identifiers

Affected Products

References · 7