Description

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.

Related CPE's

a

halo

halo

Vulnerable

References

http://halo.com

Product

https://gist.github.com/b33t1e/a1a0d81b1173d0d00de8f4e7958dd867

https://github.com/halo-dev/halo

Product

https://notes.sjtu.edu.cn/s/s5oEvs-p5

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-434

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.8 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-03-10T16:15:11.343

2 years ago

Last modified

2023-03-31T20:15:07.517

2 years ago