SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-7595-d58b1-1.html | Third Party Advisory |
Configurations
History
20 Dec 2023, 13:44
Type | Values Removed | Values Added |
---|---|---|
First Time |
Csharp
Csharp cws Collaborative Development Platform |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-434 | |
CPE | cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:* | |
References | () https://www.twcert.org.tw/tw/cp-132-7595-d58b1-1.html - Third Party Advisory |
15 Dec 2023, 13:42
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-15 08:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-48376
Mitre link : CVE-2023-48376
CVE.ORG link : CVE-2023-48376
JSON object : View
Products Affected
csharp
- cws_collaborative_development_platform
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type