CKEditor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-31541)

Description

A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.

Remediation

References

CVE-2023-31541

Related Vulnerabilities

WordPress Plugin Comment System for WordPress & Ajax Comments-Comment Press Cross-Frame Scripting (2.7.0)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-45149)

WordPress Plugin Visual Link Preview Security Bypass (2.2.2)

WordPress Plugin JW Player for Flash & HTML5 Video Cross-Site Request Forgery (2.1.11)

Joomla! Core Security Bypass (2.5.0 - 3.9.18)

Severity

Critical

Classification

CVE-2023-31541 CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N