CVE-2023-37289

InfoDoc Document On-line Submission and Approval System - Arbitrary File Upload

CVSS 9.8 CRITICALEPSS 0.7%CWE-434

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.8EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

20 jul 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. This issue affects Document On-line Submission and Approval System: 22547, 22567.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

InfoDoc · Document On-line Submission and Approval System

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.twcert.org.tw/tw/cp-132-7225-cef32-1.html