PT-2023-20004 · Stimulsoft · Stimulsoft Viewer+1
Bsc +4 · Published 2023-03-27 · Updated 2025-02-19 · CVE-2023-25261
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Stimulsoft Designer (Desktop) version 2023.1.4
Stimulsoft Designer (Web) version 2023.1.3
Stimulsoft Viewer (Web) version 2023.1.3
Description
The issue allows Remote Code Execution and gives an attacker unrestricted access to the local file system. By including source code, an attacker can read or write local directories and files. An attacker can also prepare a report with a variable that gathers data and renders it in the report.
Recommendations
For Stimulsoft Designer (Desktop) version 2023.1.4, update to a version that addresses the Remote Code Execution issue.
For Stimulsoft Designer (Web) version 2023.1.3, update to a version that addresses the Remote Code Execution issue.
For Stimulsoft Viewer (Web) version 2023.1.3, update to a version that addresses the Remote Code Execution issue.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Stimulsoft Designer
Stimulsoft Viewer