← back
CVE-2023-0670

CVE-2023-0670

CVSS 7.2 HIGHEPSS 1.0%CWE-434
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
05 Apr 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Ulearn

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →