CVE-2023-0265

CVSS 8.8 HIGHEPSS 1.6%CWE-434

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 1.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

04 Apr 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · Uvdesk

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fluidattacks.com/advisories/supply/https://github.com/uvdesk/community-skeleton