What the vulnerability does
Description
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF beaf-before-and-after-gallery allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through <= 4.6.10.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
BEAF versions up to 4.6.10 allow authenticated administrators to upload files without proper validation. An attacker with admin privileges can upload malicious files that execute on the server, potentially compromising the entire site. The vulnerability affects file integrity, confidentiality, and availability. Update to a version newer than 4.6.10.
What an attacker can do
Upload and execute malicious files on the server with admin-level access.
Potential impact on your site
A compromised admin account can upload files to take over your site or steal data.
Conditions required to exploit
Attacker must have administrator privileges on the site.