CVE-2023-3800
LowCVSS 3.9Exploitation Probability (EPSS)
Low risk42th percentile — higher than 42% of all known CVEs
Summary
A vulnerability was found in EasyAdmin8 version 2.0.2.2 that allows unrestricted file uploads. The issue affects an unknown function in the file /admin/index/index.html#/admin/mall.goods/index.html of the File Upload Module.
Risk Assessment
The organization may be exposed to attacks related to unauthorized file uploads, potentially leading to serious security breaches.
Recommendation
It is recommended to update to the latest version of EasyAdmin8 and monitor the system for unauthorized file upload activities.
Original NVD description (English source)
A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html#/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235068. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

