CVE-2023-7147

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-7147

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7147.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-7147

Published

2023-12-29T03:15:11.847Z

Modified

2026-04-10T05:07:47.498015Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-249150 is the identifier assigned to this vulnerability.

References

Affected packages

Git / github.com/gopeak/masterlab

Affected ranges

Type

GIT

Repo

https://github.com/gopeak/masterlab

Events

Introduced

Last affected

7d82b94e6867eb7c8ed212dd0f95e7e85bc666fc

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.3.10"
        }
    ]
}

Affected versions

v0.*

v0.9-alpha

v1.*

v1.0

v1.0-beta

v1.0.1

v1.0.2

v1.1

v1.2

v1.2-preview

v2.*

v2.1

v2.2-alpha

v2.2.1-alpha

v3.*

v3.0

v3.0.0RC11

v3.0.0RC12

v3.0.0RC13

v3.0.0RC3

v3.0.0RC4

v3.0.0RC6

v3.0.0RC7

v3.0.0RC8

v3.0.0RC9

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.9

v3.2.0

v3.2.1

v3.3

v3.3.1

v3.3.10

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7147.json"