PT-2023-20004 · Stimulsoft · Stimulsoft Viewer+1
Bsc +4 · Published 2023-03-27 · Updated 2025-02-19 · CVE-2023-25261
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Stimulsoft Designer (Desktop) version 2023.1.4
Stimulsoft Designer (Web) version 2023.1.3
Stimulsoft Viewer (Web) version 2023.1.3
Description
The issue allows Remote Code Execution, giving an attacker unrestricted access to the local file system. By including source code, an attacker can read or write local directories and files. An attacker can also prepare a report with a variable that gathers data and renders it in the report.
Recommendations
For Stimulsoft Designer (Desktop) version 2023.1.4, update to a version that addresses the Remote Code Execution issue.
For Stimulsoft Designer (Web) version 2023.1.3, update to a version that addresses the Remote Code Execution issue.
For Stimulsoft Viewer (Web) version 2023.1.3, update to a version that addresses the Remote Code Execution issue.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Stimulsoft Designer
Stimulsoft Viewer