This vulnerability in blubrry PowerPress Podcasting permits an attacker with limited privileges to upload files of dangerous types without restriction. Such files can include web shells, enabling remote code execution and full system compromise. The CVSS score of 9.9 reflects the critical nature of this flaw, with network attack vector, low complexity, no user interaction, and complete impact on confidentiality, integrity, and availability. The affected versions include all versions up to 11.12.5. No patch or remediation details are currently provided.

Successful exploitation allows an attacker to upload malicious files such as web shells to the web server hosting PowerPress Podcasting, potentially leading to full system compromise. This includes unauthorized disclosure of information, modification or destruction of data, and disruption of service. The vulnerability is critical due to its high impact and ease of exploitation with low privileges.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict upload permissions to trusted users only and monitor for suspicious file uploads. Avoid exposing the upload functionality to untrusted users. Follow updates from blubrry for an official fix or temporary mitigation.