What the vulnerability does
Description
An Unrestricted Upload of File with Dangerous Type vulnerability in the Groundhogg plugin (groundhogg) by Adrian Tobey allows an attacker to upload a web shell to the web server. This issue affects Groundhogg versions up to and including 4.2.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Groundhogg versions up to 4.2.1 allow authenticated administrators to upload files without proper validation. An attacker with admin privileges can upload malicious files that may execute code or compromise site integrity. The vulnerability affects file handling across the application. Update to version 4.5.6 or later to remediate.
What an attacker can do
Upload malicious files and execute code on the site with admin-level privileges.
Potential impact on your site
A compromised admin account can upload files to take over your site or steal data.
Conditions required to exploit
Attacker must have administrator access to the Groundhogg installation.
Key dates
External resources