CVE-2023-52086

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 26, 2023

Updated: Jan 4, 2024

CWE ID 434

Summary

CVE-2023-52086 is a vulnerability affecting the resumable.php component of the PHP backend for resumable.js, version 0.1.4 and below. This issue allows an attacker to upload arbitrary files anywhere in the filesystem by using the "../" technique in multipart/form-data content sent to upload.php. Although file overwrite has been difficult with the available code on GitHub in recent years, this vulnerability still poses a significant risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t7qBc2
https://www.cve.org/CVERecord?id=CVE-2023-52086
https://nvd.nist.gov/vuln/detail/CVE-2023-52086

Back to Vulnerability Database

CVE-2023-52086

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations