CVE-2023-6551

Name of the Vulnerable Software and Affected Versions class.upload.php (affected versions not specified)

Description The issue is related to a stored XSS vulnerability in the default configuration of class.upload.php, a PHP library for managing image uploads. This vulnerability occurs because the library does not perform an in-depth check on uploaded files. To mitigate this, developers should use extension whitelisting and force the server to provide content-type based on the file extension. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations As a temporary workaround, consider using extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. Restrict access to the default configuration of class.upload.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.