Lucene search
MitreCVE-2023-43838HistoryOct 04, 2023 - 4:15 p.m.
CVE-2023-43838
2023-10-0416:15:10
CWE-434
mitre
web.nvd.nist.gov
24
arbitrary file upload
vulnerability
personal management system
code execution
svg file
security issue
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
30.8%
An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile’s avatar.
Affected configurations
Node
personal-management-systempersonal_management_systemMatch1.4.64
| Vendor | Product | Version | CPE |
|---|---|---|---|
| personal-management-system | personal_management_system | 1.4.64 | cpe:2.3:a:personal-management-system:personal_management_system:1.4.64:*:*:*:*:*:*:* |
References
Related
osv
osv
CVE-2023-43838
2023-10-04 16:15:10
vulnrichment
vulnrichment
CVE-2023-43838
2023-10-04 00:00:00
prion
prion
Privilege escalation
2023-10-04 16:15:00
cvelist
cvelist
CVE-2023-43838
2023-10-04 00:00:00
nvd
nvd
CVE-2023-43838
2023-10-04 16:15:10
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
30.8%
Related for CVE-2023-43838