Описание
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, the image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy like Burp suite. Make changes to the file extension and content. The vulnerability is fixed in 0.2.1.
Ссылки
- Exploit
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.2.1 (исключая)
cpe:2.3:a:webkul:unopim:*:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00072
Низкий
8.8 High
CVSS3
Дефекты
CWE-434
Связанные уязвимости
github
6 месяцев назад
UnoPim vulnerable to remote code execution through Arbitrary File upload
EPSS
Процентиль: 22%
0.00072
Низкий
8.8 High
CVSS3
Дефекты
CWE-434