Lucene search

MitreCVE-2023-42335

HistorySep 20, 2023 - 8:15 p.m.

CVE-2023-42335

2023-09-2020:15:11

CWE-434

mitre

web.nvd.nist.gov

cve-2023-42335

unrestricted file upload

fl3xx dispatch

fl3xx crew

remote code execution

security vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

65.0%

JSON

Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component.

Affected configurations

Nvd

Node

fl3xxcrewMatch2.10.37iphone_os

fl3xxdispatchMatch2.10.37iphone_os

VendorProductVersionCPE
fl3xxcrew2.10.37cpe:2.3:a:fl3xx:crew:2.10.37:*:*:*:*:iphone_os:*:*
fl3xxdispatch2.10.37cpe:2.3:a:fl3xx:dispatch:2.10.37:*:*:*:*:iphone_os:*:*

Vendor	Product	Version	CPE
fl3xx	crew	2.10.37	cpe:2.3:a:fl3xx:crew:2.10.37:::::iphone_os::
fl3xx	dispatch	2.10.37	cpe:2.3:a:fl3xx:dispatch:2.10.37:::::iphone_os::

References

0xhunter20.medium.com/how-i-found-unrestricted-file-upload-in-fl3xx-ios-app-cve-2023-42335-6b1a72da6d65

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

65.0%

JSON

Related for CVE-2023-42335