exploitDog

CVE-2023-48376

Опубликовано: 15 дек. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.

Ссылки

https://www.twcert.org.tw/tw/cp-132-7595-d58b1-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7595-d58b1-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00507

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-4q3r-q67v-jf47

CVSS3: 9.8

github

около 2 лет назад

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.

EPSS

Процентиль: 66%

0.00507

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434