What the vulnerability does
01Description
Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block form-block allows Upload a Web Shell to a Web Server.This issue affects Form Block: from n/a through <= 1.5.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
What the vulnerability does
Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block form-block allows Upload a Web Shell to a Web Server.This issue affects Form Block: from n/a through <= 1.5.5.
Explanation of Vulnerability in Simple Terms
Form Block versions up to 1.5.5 allow unauthenticated attackers to upload files without restriction. An attacker can upload malicious files to the site over the network, potentially gaining control of the server. The vulnerability requires specific conditions to exploit but can affect confidentiality, integrity, and availability of the entire site.
What an attacker can do
Upload malicious files to the site without authentication, potentially executing code on the server.
Potential impact on your site
Attackers could upload and execute malicious code, compromising the entire site and any data it contains.
Conditions required to exploit
Network access to the site; no authentication or user interaction required, though exploitation complexity is high.
Key dates
External resources