Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/scott/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2023-04-05T00:00:00
Updated: 2023-04-05T00:00:00
Reserved: 2023-02-03T00:00:00
Link: CVE-2023-0670
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-05T19:15:07.693
Modified: 2023-04-12T01:26:16.017
Link: CVE-2023-0670
JSON object: View
Redhat Information
No data.
CWE