PT-2023-31918 · Unknown · Resumable.Php
Williamdes · Published 2023-12-26 · Updated 2024-01-04 · CVE-2023-52086
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
resumable.php versions 0.1.4 through 3c6dbf5
Description
The issue allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. It is noted that file overwrite has not been possible with the code available in GitHub in recent years.
Recommendations
For versions 0.1.4 through 3c6dbf5, consider disabling the upload.php script until a patch is available to prevent arbitrary file uploads. Restrict access to the upload.php endpoint to minimize the risk of exploitation. Avoid ../ path traversal sequences in the multipart/form-data content to prevent files from being uploaded to unintended locations.
Fix
Unrestricted File Upload
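One way to enforce the recommendation above on the server side, as an added example that is not resumable.php's own code or its patch: the file name taken from the multipart body is checked against an allow-list, and the destination is confirmed to stay inside the upload directory without overwriting anything. The function name, the extension list and the sample names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper, not code from resumable.php.
// Returns an absolute destination inside $uploadDir, or null when the
// client-supplied name must be refused.
function safeUploadTarget(
    string $uploadDir,
    string $clientName,
    array $allowedExt = ['pdf', 'png', 'jpg', 'txt'] // assumed policy
): ?string {
    $base = realpath($uploadDir);
    if ($base === false || !is_dir($base)) {
        return null; // the upload directory must already exist
    }
    // Allow-list the whole name: no "/" or "\", no NUL byte, no leading dot.
    // This refuses "../" sequences outright instead of trying to strip them.
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,127}\z/', $clientName) !== 1) {
        return null;
    }
    // Unrestricted upload is a separate risk: only accept expected types.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }
    $target = $base . DIRECTORY_SEPARATOR . $clientName;
    // Defence in depth: the parent must still resolve to the upload directory.
    if (realpath(dirname($target)) !== $base) {
        return null;
    }
    // Never overwrite an existing file or write through an existing symlink.
    if (file_exists($target) || is_link($target)) {
        return null;
    }
    return $target;
}

// Constructed sample names, as they could arrive in a multipart filename field.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo';
if (!is_dir($dir)) {
    mkdir($dir, 0700, true);
}
$samples = ['report.pdf', '../../var/www/shell.php', '..\\..\\x.txt',
            '.htaccess', "a\0.php", 'shell.php', '..'];
foreach ($samples as $name) {
    $target = safeUploadTarget($dir, $name);
    printf("%-30s => %s\n", json_encode($name), $target ?? 'rejected');
}
```

Only `report.pdf` yields a destination path; every other sample is rejected. A caller would pass the returned path to `move_uploaded_file()` and treat `null` as a failed request.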
Weakness Enumeration
Related Identifiers
Affected Products
Resumable.Php