PT-2023-4975 · Visualware · Visualware MyConnection Server

Published: 2023-09-08 · Updated: 2024-05-04 · CVE-2023-42033

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Visualware MyConnection Server (affected versions not specified)

Description

The issue is related to the doPostUploadfiles method in Visualware MyConnection Server, which is vulnerable to directory traversal and remote code execution. This is due to the lack of proper validation of a user-supplied path prior to using it in file operations. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. An attacker can leverage this vulnerability to execute code in the context of root.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the doPostUploadfiles method until a patch is available. Restrict access to sensitive areas of the server to minimize the risk of exploitation. Avoid using user-supplied paths in file operations until the issue is resolved.
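
Where an upload handler cannot avoid a client-supplied path entirely, the validation the description says is missing looks like the following added example (not Visualware's code and not part of this advisory). The names `resolve_upload_path`, `check_all` and `UnsafeUploadPath` are hypothetical, and the sample inputs are constructed.

```python
from pathlib import Path, PureWindowsPath


class UnsafeUploadPath(ValueError):
    """Raised when a client-supplied path would escape the upload directory."""


def resolve_upload_path(base_dir, user_path):
    """Map a client-supplied relative path to a file under base_dir, or raise."""
    if not user_path or "\x00" in user_path:
        raise UnsafeUploadPath("empty path or NUL byte")
    # Treat "\" like "/" so Windows-style input cannot slip past the checks.
    norm = user_path.replace("\\", "/")
    if norm.startswith("/") or PureWindowsPath(user_path).drive:
        raise UnsafeUploadPath("absolute paths are not accepted")
    parts = [p for p in norm.split("/") if p not in ("", ".")]
    if ".." in parts:
        raise UnsafeUploadPath("parent-directory segments are not accepted")
    base = Path(base_dir).resolve(strict=True)
    # resolve() follows symlinks, so a link inside base_dir that points
    # elsewhere is caught by the containment check below.
    dest = base.joinpath(*parts).resolve()
    if base not in dest.parents:
        raise UnsafeUploadPath("destination is outside the upload directory")
    return dest


def check_all(base_dir, candidates):
    """Return {candidate: resolved Path or rejection reason} for each input."""
    results = {}
    for cand in candidates:
        try:
            results[cand] = resolve_upload_path(base_dir, cand)
        except UnsafeUploadPath as exc:
            results[cand] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as base:
        # Constructed sample inputs, not taken from the advisory.
        samples = ["reports/q3.csv", "../outside.txt", "..\\outside.txt", "/tmp/x"]
        for name, outcome in check_all(base, samples).items():
            print(f"{name!r:22} -> {outcome}")
```

The containment check runs on the resolved path, so it should be repeated at write time if the upload directory can change between validation and use.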

RCE

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-05514
CVE-2023-42033
ZDI-23-1396

Affected Products

Visualware MyConnection Server