CVE-2022-41573

Name of the Vulnerable Software and Affected Versions Ovidentia version 8.3

Description A problem was discovered in the file upload feature, which does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. The file will then be accessible at a "images/common/" URI for remote code execution.

Recommendations For Ovidentia version 8.3, consider disabling the file upload feature until a patch is available to prevent the uploading of executable files. Restrict access to the "images/common/" directory to minimize the risk of exploitation. Avoid allowing users to rename uploaded files to have executable extensions, such as .php, until the issue is resolved.