Arbitrary File Upload Vulnerability in Cockpit CMS by Cockpit
CVE-2023-41564

6.1 MEDIUM

Key Information:

Vendor: Agentejo

Status
Vendor
CVE Published: 8 September 2023

What is CVE-2023-41564?

An arbitrary file upload vulnerability exists in the Upload Asset function of Cockpit CMS version 2.6.3. This flaw allows attackers to upload maliciously crafted .shtml files, potentially enabling them to execute arbitrary code on the affected server. Successful exploitation can lead to unauthorized access and compromise of sensitive data, making it critical for users of this version to implement security patches immediately.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved