CVE-2023-23634

Name of the Vulnerable Software and Affected Versions Documize version 5.4.2

Description The issue allows remote attackers to execute arbitrary code via the user parameter of the "/api/dashboard/activity" endpoint. This enables attackers to potentially gain unauthorized access and control over the system. Approximately 790 devices are potentially affected, mainly located in the United States, Ireland, and other countries.

Recommendations For Documize version 5.4.2, consider disabling access to the "/api/dashboard/activity" endpoint until a patch is available. Additionally, restrict the use of the user parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.