CVE-2023-27164

CVE-2023-27164

EPSS 0.7%

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://halo.com https://gist.github.com/b33t1e/a1a0d81b1173d0d00de8f4e7958dd867 https://github.com/halo-dev/halo https://notes.sjtu.edu.cn/s/s5oEvs-p5