Описание
XpressEngine vulnerable to Unrestricted Upload of File with Dangerous Type
When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.
Пакеты
Наименование
xpressengine/xpressengine
composer
Затронутые версииВерсия исправления
< 3.0.15
3.0.15
Связанные уязвимости
CVSS3: 8.8
nvd
около 3 лет назад
When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.