CVE-2023-0670
CVSS V2 None
CVSS V3 None
Description
Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image.
Overview
- CVE ID
- CVE-2023-0670
- Assigner
- help@fluidattacks.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-04-05T19:15:07
- Last Modified Date
- 2023-04-12T01:26:16
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:ulearn_project:ulearn:-:*:*:*:*:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://fluidattacks.com/advisories/scott/ | Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-0670 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0670 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 04:12:56 | Added to TrackCVE | |||
| 2023-04-17 04:12:58 | Weakness Enumeration | new |