CVE-2023-48376

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-7595-d58b1-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:*

History

20 Dec 2023, 13:44

Type Values Removed Values Added
First Time Csharp
Csharp cws Collaborative Development Platform
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-434
CPE cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:*
References () https://www.twcert.org.tw/tw/cp-132-7595-d58b1-1.html - () https://www.twcert.org.tw/tw/cp-132-7595-d58b1-1.html - Third Party Advisory

15 Dec 2023, 13:42

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-15 08:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-48376

Mitre link : CVE-2023-48376

CVE.ORG link : CVE-2023-48376


JSON object : View

Products Affected

csharp

  • cws_collaborative_development_platform
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type