← Zuruck zu CVEs

CVE-2023-47621

HIGH

8.8

Beschreibung

Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fixed in v3.1.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE Details

CVSS v3.1 Bewertung8.8

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht11/13/2023

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

duncanmcclean:guest_entries

Schwachen (CWE)

CWE-434CWE-434

Referenzen

https://github.com/duncanmcclean/guest-entries/commit/a8e17b4413bfbbc337a887761a6c858ef1ddb4da(security-advisories@github.com)

https://github.com/duncanmcclean/guest-entries/security/advisories/GHSA-rw82-mhmx-grmj(security-advisories@github.com)

https://github.com/duncanmcclean/guest-entries/commit/a8e17b4413bfbbc337a887761a6c858ef1ddb4da(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/duncanmcclean/guest-entries/security/advisories/GHSA-rw82-mhmx-grmj(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.