CVE-2023-27164

Description

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.

Related CPE's

a halo halo ********

References

https://github.com/halo-dev/halo

Product

https://notes.sjtu.edu.cn/s/s5oEvs-p5

ExploitThird Party Advisory

http://halo.com

Product

https://gist.github.com/b33t1e/a1a0d81b1173d0d00de8f4e7958dd867

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io