CVE-2023-41564

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in packagist/cockpit-hq/cockpit

Identifiers

GHSA-38vf-35cg-m73w, CVE-2023-41564

Package Slug

packagist/cockpit-hq/cockpit

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.

Affected Versions

All versions up to 2.6.3

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-09-12
