Forestblog
CVE-2023-6887
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248247.
AnalysisAI
A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248247. Affected products include: Forestblog Project Forestblog. Version information: up to 20220630..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
More in Forestblog
View allForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar. Rated medium se
A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Rated medium severity (CVSS
A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Rated medium severity
Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today