Lucene search
GitHub Advisory DatabaseGHSA-2HW6-4RV9-82FPHistoryApr 05, 2023 - 12:30 a.m.
Uvdesk remote code execution vulnerability
2023-04-0500:30:39
CWE-434
GitHub Advisory Database
github.com
12
uvdesk
version 1.1.1
remote code execution
authenticated
server
commands
profile pictures
validation
software
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
46.5%
Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.
Affected configurations
Node
uvdeskcommunity-skeletonRange≤1.1.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| uvdesk/community-skeleton | le | 1.1.1 |
Related
nvd
nvd
CVE-2023-0265
2023-04-04 22:15:07
cve
cve
CVE-2023-0265
2023-04-04 22:15:07
cvelist
cvelist
CVE-2023-0265
2023-04-04 00:00:00
osv
osv
CVE-2023-0265
2023-04-04 22:15:07
Uvdesk remote code execution vulnerability
2023-04-05 00:30:39
veracode
veracode
Remote Code Execution (RCE)
2023-04-27 05:06:28
prion
prion
Code injection
2023-04-04 22:15:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
46.5%
Related for GHSA-2HW6-4RV9-82FP