exploitDog

CVE-2023-26578

Опубликовано: 25 окт. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.

Ссылки

https://www.themissinglink.com.au/security-advisories/cve-2023-26578
Third Party Advisory
https://www.themissinglink.com.au/security-advisories/cve-2023-26578
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:idattend:idweb:3.1.013:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00328

Низкий

8.8 High

CVSS3

Дефекты

CWE-22

CWE-434

Связанные уязвимости

GHSA-xrxc-cv69-f3fp

CVSS3: 8.8

github

больше 2 лет назад

Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.

EPSS

Процентиль: 55%

0.00328

Низкий

8.8 High

CVSS3

Дефекты

CWE-22

CWE-434