Vulnerability Details CVE-2023-53971
WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file path.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.2%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-53971
-
cpe:2.3:a:webtareas_project:webtareas:2.4