Codoforum 5.1 - Arbitrary File Upload CVE-2022-31854
- CVSSv3 Score
- Vulnerability description
Codoforum 5.1 contains an arbitrary file upload vulnerability via the logo change option in the admin panel. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code. As a result, an attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.
Apply the latest security patch or upgrade to a patched version of Codoforum.
- Not available