Identsoft
An unrestricted file upload in the Account Setting Page of Codecanyon iDentSoft 2.0 allows high-privileged remote attackers to upload arbitrary files via the photo parameter in /clinica/profile/updateSetting, potentially enabling code execution or system compromise. The CVSS score of 2.0 reflects the requirement for high-privilege authentication, but publicly available exploit code exists and the vulnerability has been disclosed. This is primarily a privilege-escalation concern affecting administrators rather than a default-configuration flaw.