CHT Security Blue Team Discovered Arbitrary File Upload Vulnerability in Portal Web Product

Summary


Vulnerability List


1. [CVE-2023-25909] Arbitrary File Upload



Details


1. Arbitrary File Upload


Description

The product allows files of any type to be uploaded without restriction, and the vulnerable page does not perform session checks.
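The two controls the description reports as missing, a session check and a file-type restriction, are sketched below as a server-side upload gate. This is an added example, not code from the affected product or from CHT Security; the allowlist, size limit, and all function and parameter names are assumptions chosen for illustration.

```python
import os
import secrets

# Assumed policy: allowed extensions and the magic bytes their content must start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


class UploadRejected(Exception):
    """Raised with a short reason code that can be logged for detection."""


def accept_upload(session_id, active_sessions, filename, data):
    """Return a server-chosen storage name, or raise UploadRejected."""
    # 1. Session check: reject requests that carry no valid session.
    if not session_id or session_id not in active_sessions:
        raise UploadRejected("no-valid-session")
    # 2. Size limit before any content inspection.
    if len(data) > MAX_BYTES:
        raise UploadRejected("too-large")
    # 3. Type restriction: allowlist on the final extension only.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected("extension-not-allowed")
    # 4. The content must match the claimed type.
    if not any(data.startswith(sig) for sig in ALLOWED[ext]):
        raise UploadRejected("content-mismatch")
    # 5. Never reuse the client-supplied name; store under a random name
    #    in a directory the web server does not execute from.
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    sessions = {"sess-1"}                       # constructed sample session store
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16   # constructed sample PNG header
    print(accept_upload("sess-1", sessions, "logo.png", png))
    try:
        accept_upload(None, sessions, "logo.png", png)
    except UploadRejected as exc:
        print("rejected:", exc)
```

Logging the rejection reason codes gives defenders a signal for repeated upload attempts against the endpoint.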


Impact

Unauthenticated attackers can upload arbitrary malicious files to execute code remotely.


The confidentiality, integrity, and availability of the data and the system will be compromised.


Version

v2 & v3


Credit

* Lee Pu (CHT Security)