Unrestricted File Upload Vulnerability in pyLoad by Team pyLoad
CVE-2023-47890

8.8HIGH

Key Information:

Vendor: Team pyLoad
Vendor: CVE Published:; 8 January 2024

Summary

The vulnerability in pyLoad version 0.5.0 allows for unrestricted file uploads, enabling attackers to bypass file type restrictions and upload harmful files to the server. This weakness in the file handling capability presents significant risks, potentially leading to further exploitation of the affected system. Organizations utilizing this version of pyLoad should prioritize updates and implement additional security measures to mitigate the potential impact of this vulnerability.

References

http://pyload.com

https://github.com/pyload/pyload/security/advisories/GHSA...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 8, 2024