Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/supply/ | Exploit Third Party Advisory |
https://github.com/uvdesk/community-skeleton | Product |
https://fluidattacks.com/advisories/supply/ | Exploit Third Party Advisory |
https://github.com/uvdesk/community-skeleton | Product |
Configurations
History
21 Nov 2024, 07:36
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-04 22:15
Updated : 2024-11-21 07:36
NVD link : CVE-2023-0265
Mitre link : CVE-2023-0265
CVE.ORG link : CVE-2023-0265
JSON object : View
Products Affected
uvdesk
- community-skeleton
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type