CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.

**A Code Execution Vulnerability in Bludit v3.9.2**

Hi,  
For CVE ID,so I open a new issue,sorry about that.And I think you haven't completely fixed the bug.

There is a new Code Execution Vulnerability which allow to get server permissions,the path is /bl-kernel/admin/ajax/upload-images.php

**1, login with any account which allows you to edit conten**

![image](https://user-images.githubusercontent.com/35037256/64474218-c31fe580-d1a4-11e9-91cd-cb98f4e4ce55.png)

**2.upload the evil jpg**

We can specify the location of the uploaded file by changing the value of the uuid,then upload the evil picture to tmp folder  
![image](https://user-images.githubusercontent.com/35037256/64474256-5c4efc00-d1a5-11e9-8654-04f228c26420.png)  
![image](https://user-images.githubusercontent.com/35037256/64474260-6a048180-d1a5-11e9-8298-f0a10f3ff872.png)

**3.upload both the.htaccess file and the access target jpg**

![image](https://user-images.githubusercontent.com/35037256/64474270-a89a3c00-d1a5-11e9-9b1d-9c9667b0502f.png)  
![image](https://user-images.githubusercontent.com/35037256/64474288-dda68e80-d1a5-11e9-97c7-b927fddaf877.png)

![image](https://user-images.githubusercontent.com/35037256/64474313-25c5b100-d1a6-11e9-8e29-bc9f2efc62fa.png)  
Successfully reverted to the target file

**4\. Access the evil file that are written through jpg**

![image](https://user-images.githubusercontent.com/35037256/64474346-76d5a500-d1a6-11e9-8b3d-d1bbef90aab5.png)

So I recommend checking the file before uploading it to temporary directory

Headline

CVE-2019-16113: Bludit v3.9.2 Code Execution Vulnerability in "Upload function" · Issue #1081 · bludit/bludit

CVE: Latest News