Lucene search

[email protected]NVD:CVE-2023-34798

HistoryJul 25, 2023 - 8:15 p.m.

CVE-2023-34798

2023-07-2520:15:13

CWE-434

[email protected]

web.nvd.nist.gov

arbitrary code execution

file upload

cve-2023-34798

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

65.5%

JSON

An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file.

Affected configurations

Nvd

Node

weavere-officeRange<9.5

VendorProductVersionCPE
weavere-office*cpe:2.3:a:weaver:e-office:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
weaver	e-office	*	cpe:2.3:a:weaver:e-office::::::::

References

gist.github.com/Zhu013/e5e6e03613704a2a4107cc6456f1e8e2

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

65.5%

JSON

Related for NVD:CVE-2023-34798

cvelist1 prion1 cve1