Description

A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.

Remediation

References

CVE-2023-31541

Related Vulnerabilities

MySQL CVE-2022-21330 Vulnerability (CVE-2022-21330)

WordPress Plugin Business Hours Indicator Cross-Site Scripting (2.3.4)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5273)

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3507)

WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-12895)

Severity

Critical

Classification

CVE-2023-31541 CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities