CVE-2023-43838

Sažetak

An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar.

Reference

http://www.w3.org/2000/svg
https://github.com/Volmarg/personal-management-system/blob/39d3c0df641a5435f2028b37a27d26ba61a3b97b/src/assets/scripts/core/ui/DataProcessor/SpecialAction.ts#L35
https://github.com/Volmarg
https://github.com/rootd4ddy/CVE-2023-43838
https://github.com/Volmarg/personal-management-system
https://github.com/rootd4ddy/

CVSS

Base:	7.8
Impact:	5.9
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

06-10-2023 - 16:14

Objavljeno

04-10-2023 - 16:15