exploitDog

CVE-2023-32757

Опубликовано: 25 авг. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.

Ссылки

https://www.twcert.org.tw/tw/cp-132-7330-94442-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7330-94442-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:edetw:u-office_force:20.0.7668d:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00548

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-3jvx-f94j-g6fh

CVSS3: 9.8

github

больше 2 лет назад

e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.

EPSS

Процентиль: 67%

0.00548

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434