CVE-2023-7147
Severity: CRITICAL
WAF: Medium
CVSS 9.8
Published: 2023-12-29
CWE-434
A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-249150 is the identifier assigned to this vulnerability.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| masterlab | masterlab | up to 3.3.10 |
References
- note.zhaoj.in (Broken Link)
- vuldb.com (Permissions Required, Third Party Advisory)
- vuldb.com (Permissions Required, Third Party Advisory)