CVE-2023-6551
Published: Jan 4, 2024
Modified: Jun 3, 2025
PUBLISHED
Description
As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. The README has been updated to include these guidelines.
| Vendor | Product | Versions |
|---|---|---|
| class.upload.php | class.upload.php | affected 0 - <= * |
Weaknesses (CWE)
References
https://cert.pl/posts/2024/01/CVE-2023-6551
third-party-advisory
https://cert.pl/en/posts/2024/01/CVE-2023-6551
third-party-advisory