PT-2024-26243 · Dootask · Dootask
Lianghao-Chuo · Published 2024-05-15 · Updated 2024-08-28 · CVE-2024-34906
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
dootask version 0.30.13
Description
An arbitrary file upload vulnerability allows attackers to execute arbitrary code by uploading a crafted PDF file.
Recommendations
Update dootask 0.30.13 to a version that fixes the arbitrary file upload vulnerability, so that attackers cannot execute arbitrary code.
Exploit
Fix
XSS
Unrestricted File Upload
Affected Products
Dootask