PT-2023-30803 · Unknown · Smartstar Software Cws

Kun Xian Lin

Published

2023-12-15

Updated

2023-12-20

CVE-2023-48376

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SmartStar Software CWS (affected versions not specified)

Description The issue concerns the file uploading function of SmartStar Software CWS, a web-based integration platform, which does not restrict the upload of files with dangerous types. This allows an unauthenticated remote attacker to upload arbitrary files, potentially leading to the execution of arbitrary commands or disruption of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2023-48376

Affected Products

Smartstar Software Cws

PT-2023-30803 · Unknown · Smartstar Software Cws

CVE-2023-48376

Weakness Enumeration

Related Identifiers

Affected Products

References · 5