Lucene search
Fluid AttacksCVE-2023-0265HistoryApr 04, 2023 - 10:15 p.m.
CVE-2023-0265
2023-04-0422:15:07
CWE-434
Fluid Attacks
web.nvd.nist.gov
20
uvdesk
authenticated
remote
command execution
cve-2023-0265
nvd
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
46.5%
Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.
Affected configurations
Node
uvdeskcommunity-skeletonMatch1.1.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| uvdesk | community-skeleton | 1.1.1 | cpe:2.3:a:uvdesk:community-skeleton:1.1.1:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "n/a",
"product": "Uvdesk",
"versions": [
{
"version": "1.1.1",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2023-0265
2023-04-04 22:15:07
prion
prion
Code injection
2023-04-04 22:15:00
osv
osv
Uvdesk remote code execution vulnerability
2023-04-05 00:30:39
CVE-2023-0265
2023-04-04 22:15:07
veracode
veracode
Remote Code Execution (RCE)
2023-04-27 05:06:28
github
github
Uvdesk remote code execution vulnerability
2023-04-05 00:30:39
cvelist
cvelist
CVE-2023-0265
2023-04-04 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
46.5%
Related for CVE-2023-0265