Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/invisiblebyte/CVE-2023-46694 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-02T20:53:20.683Z
Reserved:
Link: CVE-2023-46694
Vulnrichment
Updated: 2024-08-02T20:53:20.683Z
NVD
Status : Awaiting Analysis
Published: 2024-05-28T20:16:20.743
Modified: 2024-07-03T01:42:06.570
Link: CVE-2023-46694
Redhat
No data.