CVE-2023-46474

Name of the Vulnerable Software and Affected Versions PMB version 7.4.8

Description The issue allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the "start import.php" file. This is related to an unlimited file upload vulnerability of dangerous types.

Recommendations For version 7.4.8, consider disabling the file upload functionality to the "start import.php" file until a patch is available. Restrict access to the "start import.php" file to minimize the risk of exploitation. Avoid using the file upload feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.