CVE-2023-31541

CRITICAL

CKEditor v1.2.3 - Unrestricted File Upload via Browse and Upload Images Feature

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-31541. PoCs published by DreamD2v.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2023-31541, an arbitrary file upload vulnerability in the CKEditor plugin for Redmine. It includes step-by-step exploitation details, demonstrating how an attacker can bypass file type restrictions to upload and execute malicious PHP files.

Description

An unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.

Exploits (1)

Source: nomisec · Writeup · 2 stars
by DreamD2v · poc
https://github.com/DreamD2v/CVE-2023-31541

Classification
Writeup 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Redmine with redmine_CKEditor plugin (versions 4.2.9 and 1.2.3 respectively)
Auth required
Prerequisites: Access to Redmine with CKEditor plugin · Ability to intercept and modify HTTP requests (e.g., Burp Suite)
Analyzed by devstral-2 on Feb 16, 2026

References (3)

Scores

CVSS v3 9.8
EPSS 0.0178
EPSS Percentile 75.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
ckeditor/ckeditor 1.2.3
Published Jun 13, 2023
Tracked Since Feb 18, 2026