PT-2023-32516 · Unknown · Maiwei Safety Production Control Platform
Weal · Published 2023-11-13 · Updated 2024-05-17 · CVE-2023-6102
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Maiwei Safety Production Control Platform version 4.1
Description
An issue was found in the Maiwei Safety Production Control Platform, affecting an unknown function of the file /Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent. It leads to unrestricted file upload and can be exploited remotely. The exploit has been disclosed publicly.
Recommendations
For Maiwei Safety Production Control Platform version 4.1, consider restricting access to the /Content/Plugins/uploader/FileChoose.html file to minimize the risk of exploitation. As a temporary workaround, avoid using the fileUrl parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.
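To check whether the access restriction recommended above is holding, the following added example (not part of the advisory and not vendor code) reviews web access logs for requests that reach the uploader page from clients outside an allow-list. It assumes Common Log Format lines and case-insensitive path matching; the sample log lines, IP addresses and the `find_uploader_requests` helper are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Path taken from the advisory, lowercased (case-insensitive match is an assumption).
UPLOADER_PATH = "/content/plugins/uploader/filechoose.html"

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_path(path):
    """Decode percent-escapes twice (double encoding), unify slashes, lowercase."""
    for _ in range(2):
        path = unquote(path)
    return re.sub(r"/+", "/", path.replace("\\", "/")).lower()

def find_uploader_requests(lines, allowed_ips=frozenset()):
    """Return requests to the uploader page from clients not in allowed_ips."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        path, _, query = m["target"].partition("?")
        if normalize_path(path) != UPLOADER_PATH or m["ip"] in allowed_ips:
            continue
        params = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
        hits.append({
            "ip": m["ip"], "time": m["ts"], "status": m["status"],
            "has_fileurl": "fileurl" in params,  # parameter named in the advisory
        })
    return hits

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Nov/2023:10:00:01 +0000] "GET /Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent HTTP/1.1" 200 5120',
    '192.0.2.10 - - [13/Nov/2023:10:02:11 +0000] "GET /content/plugins/uploader/filechoose.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [13/Nov/2023:10:05:42 +0000] "GET /Content/Plugins//uploader%2FFileChoose.html?FILEURL=/x/ HTTP/1.1" 403 0',
    '198.51.100.7 - - [13/Nov/2023:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in find_uploader_requests(SAMPLE_LOG, allowed_ips={"192.0.2.10"}):
        print(hit)
```

A hit with status 200 from an address outside the allow-list means the restriction is not in effect for that client; a 403 shows the block working.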
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Maiwei Safety Production Control Platform