7.5
CVE-2023-25402
- EPSS 0.59%
- Veröffentlicht 03.03.2023 23:15:12
- Zuletzt bearbeitet 06.03.2025 21:15:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Yf-exam Project ≫ Yf-exam Version1.8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.435 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://github.com/CleverStupidDog/yf-exam/issues/1
https://github.com/Fw-fW-fw/UPDATE-CVE/blob/main/CVE-2023-25402