CVE-2023-42335

2023-09-2000:00:00

mitre

www.cve.org

file upload

vulnerability

fl3xx dispatch

fl3xx crew

remote attack

arbitrary code

new expense

AI Score

Confidence

High

EPSS

0.002

Percentile

65.0%

JSON

Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component.

References

0xhunter20.medium.com/how-i-found-unrestricted-file-upload-in-fl3xx-ios-app-cve-2023-42335-6b1a72da6d65