
exploitDog


CVE-2023-33253

Published: 12 Jun 2023
Source: nvd
CVSS3: 8.8
EPSS Medium

Description

LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.

Vulnerable configurations

Configuration 1
cpe:2.3:a:agilebio:labcollector:*:*:*:*:*:*:*:*
Versions from 6.0 (inclusive) to 6.15 (inclusive)

EPSS

Percentile: 97%
0.40986
Medium

8.8 High

CVSS3

Weaknesses

CWE-434

Related vulnerabilities

CVSS3: 8.8
github
more than 2 years ago

LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.
