PT-2024-13371 · Ckeditor+1 · Ckeditor+1
Federico Zambito
·
Published
2024-05-28
·
Updated
2024-07-03
·
CVE-2023-46694
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Vtenext version 21.02
Description
The issue allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality.
Recommendations
For Vtenext version 21.02, consider restricting access to the Ckeditor file manager functionality until a patch is available, and ensure proper authentication controls are enforced to prevent arbitrary file uploads.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ckeditor
Vtenext