Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2023-2523

🗓️ 04 May 2023 18:00:05Reported by VulDBType 
cve
 cve🔗 web.nvd.nist.gov👁 74 Views🌐 WEB

Vulnerability in Weaver E-Office 9.5, allowing unrestricted remote upload via mobile_upload_save

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for Command Injection in Tp-Link Archer_Ax21_Firmware
8 May 202405:41
githubexploit
Circl		CVE-2023-2523
4 May 202322:37
circl
CNNVD		Weaver E-Office 代码问题漏洞
4 May 202300:00
cnnvd
Cvelist		CVE-2023-2523 Weaver E-Office unrestricted upload
4 May 202318:00
cvelist
Nuclei		Weaver E-Office 9.5 - Remote Code Execution
1 Jun 202605:38
nuclei
NVD		CVE-2023-2523
4 May 202318:15
nvd
Prion		Out-of-bounds
4 May 202318:15
prion
Positive Technologies		PT-2023-2943 · Unknown · Weaver E-Office
4 May 202300:00
ptsecurity
RedhatCVE		CVE-2023-2523
23 May 202501:52
redhatcve
VulnCheck KEV		VulnCheck KEV: CVE-2023-2523
13 May 202600:00
vulncheck_kev
Rows per page
NVD
Vulners
Node
e-officee-officeMatch9.5
[
  {
    "vendor": "Weaver",
    "product": "E-Office",
    "versions": [
      {
        "version": "9.5",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
upload_quwanrequest body/App/Ajax/ajax.php?action=mobile_upload_saveUnrestricted file upload via parameter upload_quwan in the mobile_upload_save action of Weaver E-Office 9.5.CWE-434

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 07:58Current
8.5High risk
Vulners AI Score8.5
CVSS 3.17.3 - 9.8
CVSS 27.5
CVSS 37.3
EPSS0.93019
CWE-434In Wild
cve-2023-2523vulnerabilityweaver e-office9.5criticalremote uploadmobile_upload_saveunrestricted uploadexploitvdb-228014nvd
74