CVE-2023-23607

Name of the Vulnerable Software and Affected Versions erohtar/Dasherr versions prior to 1.05.00

Description The issue allows any unauthenticated user to execute arbitrary code on the server due to unrestricted file upload. The file /www/include/filesave.php enables uploading files to anywhere on the server. If an attacker uploads a php file, they can execute code on the server.

Recommendations For versions prior to 1.05.00, upgrade to version 1.05.00 to address the issue. As a temporary workaround, consider restricting access to the /www/include/filesave.php file to prevent unauthorized file uploads. Additionally, avoid uploading php files to the server until the issue is resolved.