What the vulnerability does
Description
Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through <= 1.6.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Squeeze versions 1.6 and earlier allow authenticated administrators to upload files without proper validation. An attacker with high-level privileges can upload malicious files that may affect confidentiality, integrity, and availability of the site. Update to version 1.7 or later to remediate.
What an attacker can do
Upload malicious files to the site with administrator privileges.
Potential impact on your site
An admin account compromise could lead to data theft, site defacement, or service disruption.
Conditions required to exploit
Attacker must have administrator-level access to the application.