exploitDog

CVE-2023-4097

Опубликовано: 03 окт. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-idm-sistemas-qsige
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-idm-sistemas-qsige
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:qsige:qsige:3.0.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00107

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-8mx5-wvh2-fvmf

CVSS3: 8.8

github

больше 2 лет назад

The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username.

EPSS

Процентиль: 30%

0.00107

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

CWE-434