Unrestricted file upload

2023-03-1022:15:00

PRIOn knowledge base

www.prio-n.com

file upload vulnerability

avantfax 3.3.7

php file type validation

nvd

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.6%

JSON

A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.

CPENameOperatorVersion
avantfaxeq3.3.7

CPE	Name	Operator	Version
	avantfax	eq	3.3.7

References

avantfax.com

github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md