CVE-2023-31541: Malicious File Upload
First published: Tue Jun 13 2023(Updated: )
A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ckeditor Ckeditor | =1.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-31541?
CVE-2023-31541 is an unrestricted file upload vulnerability in the 'Browse and upload images' feature of the CKEditor v1.2.3 plugin for Redmine.
How severe is CVE-2023-31541?
CVE-2023-31541 has a severity rating of 9.8, which is considered critical.
Which software is affected by CVE-2023-31541?
The CKEditor v1.2.3 plugin for Redmine is affected by CVE-2023-31541.
How can I fix CVE-2023-31541?
To fix CVE-2023-31541, you should update the CKEditor plugin for Redmine to a version that does not have this vulnerability.
What is the CWE of CVE-2023-31541?
CVE-2023-31541 falls under CWE-434, which is for Unrestricted Upload of File with Dangerous Type.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/ckeditor
- canonical/ckeditor ckeditor
- version/ckeditor ckeditor/1.2.3