CVE-2026-40772

GeekyBot · GeekyBot Plugin

The GeekyBot WordPress plugin is susceptible to an unauthenticated arbitrary file upload vulnerability, which can lead to remote code execution.

Executive summary

An unauthenticated arbitrary file upload vulnerability in the GeekyBot plugin allows attackers to upload malicious files, posing a critical risk of full system compromise.

Vulnerability

This vulnerability allows an unauthenticated attacker to upload arbitrary files to the server, which can subsequently be executed to achieve remote code execution (RCE) on the underlying host.

Business impact

With a maximum CVSS score of 10.0, this is a critical vulnerability. Successful exploitation grants an attacker complete control over the affected server, enabling them to install backdoors, steal sensitive information, or use the server for further malicious activities, resulting in a total security failure.

Remediation

Immediate Action: Update the GeekyBot plugin to version 1.2.3 or later without delay.

Proactive Monitoring: Scan the web server's upload directories for unauthorized files or suspicious scripts that may have been uploaded via this vector.

Compensating Controls: Configure the web server to restrict file execution permissions in upload directories and deploy a WAF to block unauthorized file upload requests.
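The monitoring step above (scanning upload directories for unauthorized scripts) can be automated; the scanner below is an added example, not code from the advisory or from the GeekyBot project. The directory tree and sample files it creates are constructed for the demonstration, and the extension list and the 64 KiB content window are assumptions to tune for a real deployment.

```python
import re
import tempfile
from pathlib import Path

# Extensions a web server may hand to a script interpreter. A media-only upload
# directory such as wp-content/uploads should contain none of them (assumed list).
SCRIPT_EXTENSIONS = {".php", ".php3", ".php5", ".php7", ".phtml", ".phar",
                     ".shtml", ".cgi", ".pl", ".py", ".jsp", ".asp", ".aspx"}
# PHP open tags (<?php and the short echo tag <?=), checked in the first 64 KiB.
PHP_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)

def scan_uploads(root):
    """Return sorted (relative_path, [reasons]) for every suspicious file under root."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        reasons = []
        # Check every suffix, so double extensions such as avatar.php.png are caught.
        if any(s.lower() in SCRIPT_EXTENSIONS for s in path.suffixes):
            reasons.append("script extension in filename")
        if path.name == ".htaccess":
            reasons.append("web server config file in upload directory")
        with path.open("rb") as fh:
            head = fh.read(64 * 1024)
        if PHP_TAG.search(head):
            reasons.append("PHP open tag in content")
        if reasons:
            findings.append((path.relative_to(root).as_posix(), reasons))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample upload tree (not real data) used to exercise the scanner."""
    root = Path(tempfile.mkdtemp(prefix="uploads-"))
    samples = {
        "2026/04/photo.jpg": b"\xff\xd8\xff\xe0 JFIF sample bytes",
        "2026/04/shell.php": b"<?php echo 'sample'; ?>",
        "2026/04/avatar.php.png": b"\x89PNG sample bytes",
        "2026/04/notes.txt": b"plain text, then a tag: <?php",
        "2026/04/.htaccess": b"# constructed sample",
    }
    for rel, content in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
    return str(root)

if __name__ == "__main__":
    for rel, reasons in scan_uploads(build_sample_tree()):
        print(f"{rel}: {', '.join(reasons)}")
```

Run it against the real uploads directory on a schedule and alert on any finding; a clean media directory should return an empty list.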

Exploitation status

Public Exploit Available: False

Analyst recommendation

This vulnerability constitutes the highest level of risk. Immediate action is required to patch the software and perform a security audit of the affected server to ensure no malicious files have already been introduced.