What the vulnerability does
01Description
A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y
What the vulnerability does
A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.
Explanation of Vulnerability in Simple Terms
The Astroid Template Framework contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files over the network. An attacker can upload malicious files without authentication or user interaction, potentially leading to remote code execution or site compromise. This affects versions 2.0.0 through 3.3.10.
What an attacker can do
Upload arbitrary files to the server without authentication, potentially executing malicious code.
Potential impact on your site
An attacker can upload and execute malicious files, gaining full control of your site.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities