CVE-2023-7147

Name of the Vulnerable Software and Affected Versions gopeak MasterLab versions up to 3.3.10

Description A critical vulnerability was found in gopeak MasterLab. The issue affects the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely.

Recommendations For gopeak MasterLab versions up to 3.3.10, consider disabling the base64ImageContent function until a patch is available. Restrict access to the app/ctrl/User.php file to minimize the risk of exploitation. Avoid using the image argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.