What the vulnerability does
Description
Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen flozen-theme allows an attacker to upload a web shell to a web server. This issue affects Flozen: from n/a through < 1.5.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Flozen versions up to 1.5.1 allow unauthenticated attackers to upload files without restriction. An attacker can upload malicious files directly to the site over the network, potentially gaining control of the entire system. No user interaction or special privileges are required. This vulnerability affects the confidentiality, integrity, and availability of the site.
What an attacker can do
Upload malicious files to the site and run their own code on the server.
Potential impact on your site
Complete compromise of the site and server; attacker can read, modify, or delete all data.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources