Vulnerability Description
resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.)
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Startutorial | Php Backend For Resumable.Js | 0.1.4 |
Related Weaknesses (CWE)
References
- https://github.com/dilab/resumable.php/commit/3c6dbf5170b01cbb712013c7d0a83f5aac (Patch)
- https://github.com/dilab/resumable.php/issues/34 (Issue Tracking)
- https://github.com/dilab/resumable.php/pull/27/commits/3e3c94d0302bb399a7611b473 (Patch)
- https://github.com/dilab/resumable.php/pull/39/commits/408f54dff10e48befa44d4179 (Patch)
- https://github.com/dilab/resumable.php/pull/39/commits/d3552efd403e2d87407934477 (Patch)
FAQ
What is CVE-2023-52086?
CVE-2023-52086 is a vulnerability with a CVSS score of 8.1 (HIGH). resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn...
How severe is CVE-2023-52086?
CVE-2023-52086 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-52086?
Check the references section above for vendor advisories and patch information. Affected products include: Startutorial Php Backend For Resumable.Js.