CVE-2023-31541

CRITICAL

CKEditor v1.2.3 - File Upload

Title source: llm

Description

An unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.

Exploits (1)

nomisec WRITEUP 2 stars
by DreamD2v · poc
https://github.com/DreamD2v/CVE-2023-31541

Scores

CVSS v3 9.8
EPSS 0.0551
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
ckeditor/ckeditor 1.2.3
Published Jun 13, 2023
Tracked Since Feb 18, 2026