exploitDog

CVE-2023-23328

Опубликовано: 10 мар. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.

Ссылки

http://avantfax.com
Vendor Advisory
https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md
Exploit
Third Party Advisory
http://avantfax.com
Vendor Advisory
https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:avantfax:avantfax:3.3.7:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00128

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-96v6-4gc5-r7jq

CVSS3: 8.8

github

почти 3 года назад

A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.

EPSS

Процентиль: 33%

0.00128

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

CWE-434