CVE-2023-7159

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-7159

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7159.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-7159

Published

2023-12-29T07:15:11.420Z

Modified

2026-04-10T05:07:47.468495Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249181 was assigned to this vulnerability.

References

Affected packages

Git / github.com/gopeak/masterlab

Affected ranges

Type

GIT

Repo

https://github.com/gopeak/masterlab

Events

Introduced

Last affected

7d82b94e6867eb7c8ed212dd0f95e7e85bc666fc

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.3.10"
        }
    ]
}

Affected versions

v0.*

v0.9-alpha

v1.*

v1.0

v1.0-beta

v1.0.1

v1.0.2

v1.1

v1.2

v1.2-preview

v2.*

v2.1

v2.2-alpha

v2.2.1-alpha

v3.*

v3.0

v3.0.0RC11

v3.0.0RC12

v3.0.0RC13

v3.0.0RC3

v3.0.0RC4

v3.0.0RC6

v3.0.0RC7

v3.0.0RC8

v3.0.0RC9

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.9

v3.2.0

v3.2.1

v3.3

v3.3.1

v3.3.10

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7159.json"