← Back

CVE-2023-31541

nvd nist

Published: Jun 13, 2023Modified: Jan 3, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.

Affected (1)

Products: Ckeditor: Ckeditor

Ckeditor

1 product

Ckeditor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ckeditor Ckeditor	Version 1.2.3

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

http://redmine.com

Source: cve@mitre.org

Broken Link

http://redmineckeditor.com

Source: cve@mitre.org

Broken Link

https://github.com/DreamD2v/CVE-2023-31541/blob/main/CVE-2023-31541.md

Source: cve@mitre.org

ExploitThird Party Advisory

http://redmine.com

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://redmineckeditor.com

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://github.com/DreamD2v/CVE-2023-31541/blob/main/CVE-2023-31541.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.