What the vulnerability does
Description
Unrestricted Upload of File with Dangerous Type vulnerability in Case-Themes Case Addons case-addons. This issue affects Case Addons: from n/a through < 1.3.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Case Addons versions 1.3.0 and earlier allow authenticated users to upload files without proper validation. An attacker with low-level site access can upload malicious files, potentially gaining control over the site. The vulnerability affects confidentiality, integrity, and availability of the entire installation.
What an attacker can do
Upload malicious files to the site and execute code with full site privileges.
Potential impact on your site
A compromised user account can lead to complete site takeover, data theft, and malware injection.
Conditions required to exploit
Attacker must have a low-level user account on the site (e.g., subscriber or contributor role).
Key dates
External resources