Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/supply/ | Exploit Third Party Advisory |
https://github.com/uvdesk/community-skeleton | Product |
Configurations
History
11 Apr 2023, 17:24
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-434 | |
First Time |
Uvdesk community-skeleton
Uvdesk |
|
References | (MISC) https://fluidattacks.com/advisories/supply/ - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/uvdesk/community-skeleton - Product | |
CPE | cpe:2.3:a:uvdesk:community-skeleton:1.1.1:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
04 Apr 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-04 22:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-0265
Mitre link : CVE-2023-0265
CVE.ORG link : CVE-2023-0265
JSON object : View
Products Affected
uvdesk
- community-skeleton
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type