COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-31541

CVE-2023-31541

Severity
critical
Source
NVD · cve
Published
2023-06-13
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-31541
⚡ RCE shame 50/100 rce

A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.

Players implicated

ckeditor · vendorckeditor · product

Description

A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.