2 matches found
CVE-2023-30613 Kiwi TCMS unrestricted file upload vulnerability
Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an .exe file or a file containing embedded...
CVE-2023-30613
Kiwi TCMS before version 12.2 allowed arbitrary file uploads because there was no validation of upload file types. This allowed attackers to upload potentially executable files (.exe) or files containing [removed] tags that could trigger XSS, leading to code execution on users’ machines. Version ...