Lucene search

TMLCVE-2023-26578

HistoryOct 25, 2023 - 6:17 p.m.

CVE-2023-26578

2023-10-2518:17:25

CWE-434

CWE-22

TML

web.nvd.nist.gov

cve-2023-26578

idattend

idweb

web root

arbitrary file upload

command execution

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

29.3%

JSON

Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.

Affected configurations

Nvd

Node

idattendidwebMatch3.1.013

VendorProductVersionCPE
idattendidweb3.1.013cpe:2.3:a:idattend:idweb:3.1.013:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
idattend	idweb	3.1.013	cpe:2.3:a:idattend:idweb:3.1.013:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "IDWeb",
    "vendor": "IDAttend Pty Ltd",
    "versions": [
      {
        "lessThanOrEqual": "3.1.052",
        "status": "affected",
        "version": "0",
        "versionType": "major"
      }
    ]
  }
]

References

www.themissinglink.com.au/security-advisories/cve-2023-26578

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

29.3%

JSON

Related for CVE-2023-26578