CVE-2023-7159 | gopeak MasterLab up to 3.3.10 app/ctrl/admin/User.php add/update avatar unrestricted upload

Posted by Angelo Barbosa | Dec 28, 2023 | CVE

A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted upload.

This vulnerability is known as CVE-2023-7159. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2023-7159 | gopeak MasterLab up to 3.3.10 app/ctrl/admin/User.php add/update avatar unrestricted upload

Related Posts

CVE-2023-50196 | Trimble SketchUp Viewer SKP File Parser use after free (ZDI-23-1846)

CVE-2024-21849 | F5 BIG-IP Advanced WAF/BIG-IP ASM up to 16.1.3 Traffic Management Microkernel return of pointer value outside of expected range (K000135873)

CVE-2024-5668 | Lightbox & Modal Popup Plugin up to 2.7.28 on WordPress HTML Data Attribute HTML injection

CVE-2024-4945 | SourceCodester Best Courier Management System 1.0 view_parcel.php id unrestricted upload