CVE-2023-7159

Name of the Vulnerable Software and Affected Versions gopeak MasterLab versions up to 3.3.10

Description A critical issue has been found in the function add/update of the file app/ctrl/admin/User.php, where the manipulation of the avatar argument leads to unrestricted upload. This issue can be exploited remotely. The exploit has been disclosed to the public.

Recommendations For gopeak MasterLab versions up to 3.3.10, consider disabling the add/update function in the file app/ctrl/admin/User.php until a patch is available. Restrict access to the avatar argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.