Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
References
Configurations
History
21 Nov 2024, 08:07
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/bludit/bludit/issues/1212#issuecomment-649514491 - | |
References | () https://github.com/bludit/bludit/issues/1369#issuecomment-940806199 - | |
References | () https://github.com/bludit/bludit/issues/1508 - Exploit, Issue Tracking |
30 Dec 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:bludit:bludit:3.14.1:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CWE | CWE-434 | |
References |
|
|
References | (MISC) https://github.com/bludit/bludit/issues/1508 - Exploit, Issue Tracking | |
Summary | Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). |
16 Jun 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-16 04:15
Updated : 2024-11-21 08:07
NVD link : CVE-2023-34845
Mitre link : CVE-2023-34845
CVE.ORG link : CVE-2023-34845
JSON object : View
Products Affected
bludit
- bludit
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type