PT-2023-25886 · Unknown · Infodoc Document On-Line Submission/Approval System
Huding · Published 2023-07-20 · Updated 2023-07-28 · CVE-2023-37289
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
InfoDoc Document On-line Submission and Approval System versions 22547, 22567
Description
The file uploading function is affected by Unrestricted Upload of File with Dangerous Type. This allows an unauthenticated remote attacker to upload and run arbitrary executable files, which can be used to execute arbitrary system commands or disrupt the service.
Recommendations
For versions 22547 and 22567, consider disabling the file uploading function until a patch is available to prevent exploitation.
Restrict access to the file uploading module to minimize the risk of uploading arbitrary executable files.
Avoid using the file uploading function in the affected system until the issue is resolved.
Fix
Unrestricted File Upload
Affected Products
Infodoc Document On-Line Submission/Approval System