Remote code execution

2020-02-2519:15:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.3%

Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution.

CPENameOperatorVersion
kunenalt5.0.4

CPE	Name	Operator	Version
	kunena	lt	5.0.4

References

github.com/Kunena/Kunena-Forum/pull/5028

www.kunena.org/blog/179-kunena-5-0-4-released

www.kunena.org/bugs/changelog