A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the argument filename leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-232952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://vuldb.com/?ctiid.232952 | Permissions Required |
https://vuldb.com/?id.232952 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
10 Jul 2023, 18:11
Type | Values Removed | Values Added |
---|---|---|
First Time |
Smartweb Infotech Job Board Project
Smartweb Infotech Job Board Project smartweb Infotech Job Board |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://vuldb.com/?id.232952 - Permissions Required | |
References | (MISC) https://vuldb.com/?ctiid.232952 - Permissions Required | |
CPE | cpe:2.3:a:smartweb_infotech_job_board_project:smartweb_infotech_job_board:1.0:*:*:*:*:*:*:* |
04 Jul 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-04 15:15
Updated : 2024-05-17 02:27
NVD link : CVE-2023-3504
Mitre link : CVE-2023-3504
CVE.ORG link : CVE-2023-3504
JSON object : View
Products Affected
smartweb_infotech_job_board_project
- smartweb_infotech_job_board
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type