What the vulnerability does
01Description
Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
What the vulnerability does
Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
Explanation of Vulnerability in Simple Terms
GeekyBot versions up to 1.2.2 allow unauthenticated attackers to upload files without restriction. An attacker can upload malicious files to the server over the network without needing credentials or user interaction. This can lead to complete compromise of the site, including data theft, site defacement, and service disruption.
What an attacker can do
Upload malicious files to the server and execute arbitrary code without authentication.
Potential impact on your site
Complete compromise of the site: attackers can steal data, modify content, disable the site, or use it to attack others.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities