Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.
References
| Link | Resource |
|---|---|
| https://fluidattacks.com/advisories/supply/ | Exploit, Third Party Advisory |
| https://github.com/uvdesk/community-skeleton | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2023-04-04T00:00:00
Updated: 2023-04-04T00:00:00
Reserved: 2023-01-12T00:00:00
Link: CVE-2023-0265
NVD Information
Status: Analyzed
Published: 2023-04-04T22:15:07.217
Modified: 2023-04-11T17:24:48.213
Link: CVE-2023-0265
Redhat Information
No data.
CWE