CVE-2023-0670

EPSS 0.99%
Veröffentlicht 05.04.2023 19:15:07
Zuletzt bearbeitet 13.02.2025 20:15:46
Quelle help@fluidattacks.com
CVE-Watchlists
Login
Unerledigt
Login

Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ulearn Project ≫ Ulearn Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.99%	0.762

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://fluidattacks.com/advisories/scott/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0670

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0670

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0670

EUVD