PT-2023-32154 · M Files · M-Files Web Companion
Anton Keskisaari
·
Published
2023-10-19
·
Updated
2024-08-28
·
CVE-2023-5524
CVSS v3.1
8.2
High
| Vector | AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
M-Files Web Companion versions prior to 23.10
M-Files Web Companion LTS Service Release Versions prior to 23.8 LTS SR1
Description
The issue is related to insufficient blacklisting in M-Files Web Companion, allowing Remote Code Execution via specific file types.
Recommendations
For M-Files Web Companion versions prior to 23.10, update to version 23.10 or later.
For M-Files Web Companion LTS Service Release Versions prior to 23.8 LTS SR1, update to 23.8 LTS SR1 or later.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
M-Files Web Companion