Remote code execution via file uploads

Moderate

duncanmcclean published GHSA-rw82-mhmx-grmj

Nov 11, 2023

Package

doublethreedigital/guest-entries (Composer)

Affected versions

< v3.1.3

Patched versions

< v3.1.3

duncanmcclean/guest-entries (Composer)

< v3.1.3

< v3.1.3

Description

Impact

When using the file uploads feature, it was possible to upload PHP files.

Patches

The vulnerability is fixed in v3.1.3.