Description

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files.

Related CPE's

a

openteknik

open_source_social_network

6.3

*

*

*

lts

Vulnerable

References

https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3

Release NotesThird Party Advisory

https://grimthereaperteam.medium.com/cve-2022-34965-open-source-social-network-6-3-3f61db82880

ExploitThird Party Advisory

https://www.opensource-socialnetwork.org/

Vendor Advisory

https://www.openteknik.com/contact?channel=ossn

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-434

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-434

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-07-25T17:15:08.220

2 years ago

Last modified

2024-08-03T10:15:24.797

11 months ago