Описание
Snipe-IT 6.0.2 vulnerable to Cross-site Scripting via arbitrary file upload in Update Branding Settings
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
Пакеты
Наименование
snipe/snipe-it
composer
Затронутые версииВерсия исправления
<= 6.0.2
Отсутствует
Связанные уязвимости
CVSS3: 4.8
nvd
больше 3 лет назад
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
CVSS3: 4.8
debian
больше 3 лет назад
An arbitrary file upload vulnerability in the Update Branding Settings ...