erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.
References
Link | Resource |
---|---|
https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112 | Patch Third Party Advisory |
https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq | Exploit Third Party Advisory |
https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112 | Patch Third Party Advisory |
https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq | Exploit Third Party Advisory |
https://www.vicarius.io/vsociety/posts/analyzing-arbitrary-file-upload-in-dasherr-cve-2023-23607-23608 |
Configurations
History
21 Nov 2024, 07:46
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112 - Patch, Third Party Advisory | |
References | () https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq - Exploit, Third Party Advisory |
07 Nov 2023, 04:07
Type | Values Removed | Values Added |
---|---|---|
Summary | erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue. |
Information
Published : 2023-01-20 21:15
Updated : 2024-11-21 07:46
NVD link : CVE-2023-23607
Mitre link : CVE-2023-23607
CVE.ORG link : CVE-2023-23607
JSON object : View
Products Affected
dasherr_project
- dasherr
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type