CVE-2023-31541
A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine,
CVSS
9.8
Crítico
EPSS
1.4%
p70
KEV
—
Exploit Today
21
0-100
Publicado: 13 jun 2023 · Última mod.: 9 jul 2026 · CWE-434
1.4%EPSS · 30 días1.8%
2026-06-302026-07-16
A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-562909.8 CRÍ85.4%
KEV—76Joomlack Page Builder Improper Access Control Vulnerability9dCVE-2026-489089.8 CRÍ72.6%
KEV—72JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability9dCVE-2026-489399.8 CRÍ71.5%
KEV—71iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability6dCVE-2026-562919.8 CRÍ53.6%
KEV—66Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability6dCVE-2023-388368.8 ALT99.3%
——30File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.8dCVE-2023-464747.2 ALT97.3%
——29File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.8d