admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-65xx/CVE-2023-6551.json

36 lines
1.1 KiB
JSON
Raw Normal View History

Auto-Update: 2024-01-04T17:00:24.382538+00:00
2024-01-04 17:00:28 +00:00
{
"id": "CVE-2023-6551",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-04T16:15:09.380",
Auto-Update: 2024-01-04T19:00:25.444381+00:00
2024-01-04 19:00:29 +00:00
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
Auto-Update: 2024-01-04T17:00:24.382538+00:00
2024-01-04 17:00:28 +00:00
"descriptions": [
{
"lang": "en",
"value": "As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. \n\n\nDevelopers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. \n\n\nThe README has been updated to include these guidelines.\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-6551",
"source": "cvd@cert.pl"
},
{
"url": "https://cert.pl/posts/2024/01/CVE-2023-6551",
"source": "cvd@cert.pl"
}
]
}
Reference in New Issue Copy Permalink