LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.
References
Link | Resource |
---|---|
https://github.com/Toxich4/CVE-2023-33253 | Exploit Third Party Advisory |
https://labcollector.com/ | Product |
https://labcollector.com/changelog-labcollector/ | Release Notes |
History
21 Nov 2024, 08:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/Toxich4/CVE-2023-33253 - Exploit, Third Party Advisory | |
References | () https://labcollector.com/ - Product | |
References | () https://labcollector.com/changelog-labcollector/ - Release Notes |
21 Jul 2023, 19:20
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://labcollector.com/changelog-labcollector/ - Release Notes |
19 Jul 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-434 | |
CPE | cpe:2.3:a:agilebio:labcollector:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 8.8 |
References | (MISC) https://labcollector.com/ - Product | |
References | (MISC) https://github.com/Toxich4/CVE-2023-33253 - Exploit, Third Party Advisory |
12 Jun 2023, 13:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-12 13:15
Updated : 2024-11-21 08:05
NVD link : CVE-2023-33253
Mitre link : CVE-2023-33253
CVE.ORG link : CVE-2023-33253
Products Affected
agilebio
- labcollector
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type