PT-2024-19698 · Unknown · A-Blog Cms
Naoya Miyaguchi
·
Published
2024-01-23
·
Updated
2024-01-29
·
CVE-2024-23180
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
a-blog cms versions prior to 3.1.7
a-blog cms versions prior to 3.0.29
a-blog cms versions prior to 2.11.58
a-blog cms versions prior to 2.10.50
a-blog cms version 2.9.0 and earlier
Description
The issue is related to improper input validation, allowing a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.
Recommendations
For versions prior to 3.1.7, update to version 3.1.7 or later.
For versions prior to 3.0.29, update to version 3.0.29 or later.
For versions prior to 2.11.58, update to version 2.11.58 or later.
For versions prior to 2.10.50, update to version 2.10.50 or later.
For version 2.9.0 and earlier, update to a later version.
As a temporary workaround, consider restricting the upload of SVG files until a patch is available.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
A-Blog Cms