CVE-2023-5636

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ArslanSoft Education Portal versions prior to v1.1

Description The issue allows Command Injection due to an Unrestricted Upload of File with Dangerous Type vulnerability.

Recommendations For versions prior to v1.1, update to version v1.1 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to prevent potential Command Injection attacks.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2023-5636

Affected Products

Arslansoft Education Portal

CVE-2023-5636

Weakness Enumeration

Related Identifiers

Affected Products

References · 7