PT-2023-22629 · Mobatime · Mobatime
Testeurdestylos
·
Publicado
2023-06-02
·
Atualizado
2025-10-17
·
CVE-2023-3032
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Mobatime web application versions through 06.7.22
Description
The issue allows a malicious user to upload a web shell to a web server due to an unrestricted upload of file with dangerous type vulnerability in the documentary proof upload modules.
Recommendations
For versions through 06.7.22, as a temporary workaround, consider disabling the documentary proof upload modules until a patch is available. Restrict access to the upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mobatime