Projectworlds is an unknown web-based application used for managing digital portfolios. This vulnerability allows attackers to pass malicious payloads up to 1.0, resulting in unrestricted upload of files. The attack can be executed remotely and has a low complexity level, making it accessible to script kiddies.
You're affected if you use A security flaw. Affected versions: 1.0 If you don't recognise this software, you're probably not affected.
Immediate mitigations:
- Restrict network access to your projectworlds instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation
Concrete steps:
- Contact the vendor directly for a patched version, as no public patch link is available.
- Follow up with the vendor's support team for further assistance.