What the vulnerability does
01Description
Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw idraw allows Using Malicious Files.This issue affects I Draw: from n/a through <= 1.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
What the vulnerability does
Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw idraw allows Using Malicious Files.This issue affects I Draw: from n/a through <= 1.0.
Explanation of Vulnerability in Simple Terms
I Draw versions 1.0 and earlier contain an unrestricted file upload vulnerability. An authenticated administrator can upload arbitrary files to the server, potentially including executable code. The vulnerability affects confidentiality, integrity, and availability of the site. Update to a version newer than 1.0 when available.
What an attacker can do
Upload arbitrary files, including executable code, to the server.
Potential impact on your site
An admin account compromise could lead to full site takeover through malicious file uploads.
Conditions required to exploit
Attacker must have administrator-level access to the application.
Key dates
External resources