CVE-2023-1183

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Libreoffice (affected versions not specified) hsqldb version 1.8.0

Description A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

Recommendations For Libreoffice, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For hsqldb version 1.8.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-22

Related Identifiers

ALSA-2023:6508

ALSA-2023:6933

ALT-PU-2023-5557

ALT-PU-2024-1179

CESA-2023_6933

CVE-2023-1183

DLA-3467-1

DLA-3468-1

DSA-5436-1

DSA-5437-1

DSA-5995-1

MGASA-2023-0225

OESA-2026-1430

OESA-2026-1487

OESA-2026-1488

OESA-2026-1489

OESA-2026-1490

OESA-2026-1491

OPENSUSE-SU-2023_4496-1

RHSA-2023:6508

RHSA-2023:6933

RHSA-2023_6508

RHSA-2023_6933

ROSA-SA-2023-2288

SUSE-SU-2023:4496-1

SUSE-SU-2023:4648-1

SUSE-SU-2023_4648-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Libreoffice

Red Hat

Suse

CVE-2023-1183

Weakness Enumeration

Related Identifiers

Affected Products

References · 62