A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the argument filename leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-232952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://vuldb.com/?ctiid.232952 | Permissions Required |
https://vuldb.com/?id.232952 | Permissions Required |
https://vuldb.com/?ctiid.232952 | Permissions Required |
https://vuldb.com/?id.232952 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:17
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 6.3 |
References | () https://vuldb.com/?ctiid.232952 - Permissions Required | |
References | () https://vuldb.com/?id.232952 - Permissions Required |
10 Jul 2023, 18:11
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:smartweb_infotech_job_board_project:smartweb_infotech_job_board:1.0:*:*:*:*:*:*:* | |
References | (MISC) https://vuldb.com/?id.232952 - Permissions Required | |
References | (MISC) https://vuldb.com/?ctiid.232952 - Permissions Required | |
First Time |
Smartweb Infotech Job Board Project
Smartweb Infotech Job Board Project smartweb Infotech Job Board |
04 Jul 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-04 15:15
Updated : 2024-11-21 08:17
NVD link : CVE-2023-3504
Mitre link : CVE-2023-3504
CVE.ORG link : CVE-2023-3504
JSON object : View
Products Affected
smartweb_infotech_job_board_project
- smartweb_infotech_job_board
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type