Опубликовано: 24 окт. 2024
Источник: github
Github: Прошло ревью
CVSS4: 8.1
CVSS3: 9.8
Описание
Remote code execution in php-heic-to-jpg
php-heic-to-jpg < 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg below 1.0.5.
Ссылки
Пакеты
Наименование
maestroerror/php-heic-to-jpg
composer
Затронутые версииВерсия исправления
< 1.0.5
1.0.5
Связанные уязвимости
CVSS3: 9.8
nvd
больше 1 года назад
php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below.