PT-2023-5188 · Unknown · Qms Automotive

Published 2023-09-12 · Updated 2023-09-14 · CVE-2023-40731

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

QMS Automotive versions prior to V12.39

Description

A vulnerability has been identified in the affected application, allowing users to upload arbitrary file types. This could allow an attacker to upload malicious files, potentially leading to code tampering. The vulnerability may be exploited by a remote attacker to execute arbitrary code by uploading a specially crafted file.

Recommendations

For versions prior to V12.39, consider restricting file uploads to only necessary and validated file types until a patch is available. As a temporary workaround, restrict access to the file upload feature to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2023-05781
CVE-2023-40731

Affected Products

Qms Automotive