PT-2023-4489 · Iagona · Iagona Scrutisweb

Jorian Van Den Hout +2 · Published 2023-07-18 · Updated 2023-08-17 · CVE-2023-35189

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Iagona ScrutisWeb versions 2.1.37 and prior

Description

A remote code execution vulnerability could allow an unauthenticated user to upload a malicious payload and execute it. The cause is an unrestricted upload of files of dangerous types: a remote attacker can upload an arbitrary file and use it to execute arbitrary code.

Recommendations

For Iagona ScrutisWeb versions 2.1.37 and prior, consider disabling the file upload feature until a patch is available, to prevent exploitation of the remote code execution vulnerability. Restrict access to the affected module to minimize the risk of exploitation. Avoid using the file upload functionality in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2023-04885
CVE-2023-35189

Affected Products

Iagona Scrutisweb