CVE-2023-28833 Unrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server

🗓️ 30 Mar 2023 18:49:38Reported by GoogleType

osv

osv🔗 osv.dev👁 20 Views

Nextcloud server logo upload vulnerability fix availabl

Reporter	Title	Published	Views	Family All 26
BDU FSTEC	The vulnerability of cloud-based software for creating and using Nextcloud storage solutions allows a hacker to gain unauthorized access to protected information.	27 Apr 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of cloud-based software for creating and using Nextcloud data storage allows a attacker to cause a service failure.	27 Apr 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of cloud-based software for creating and using Nextcloud data storage allows a hacker to induce a service failure.	27 Apr 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of cloud-based software for creating and using Nextcloud data storage allows a hacker to execute arbitrary code.	27 Apr 202300:00	–	bdu_fstec
Circl	CVE-2023-28833	30 Mar 202322:35	–	circl
CNNVD	Nextcloud 代码问题漏洞	30 Mar 202300:00	–	cnnvd
CVE	CVE-2023-28833	30 Mar 202318:49	–	cve
Cvelist	CVE-2023-28833 Unrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server	30 Mar 202318:49	–	cvelist
EUVD	EUVD-2023-32465	3 Oct 202520:07	–	euvd
Nextcloud	Ability to control the filename when uploading a logo or favicon as admin in the theming settings	30 Mar 202308:23	–	nextcloud

Source	Link
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2023/28xxx/CVE-2023-28833.json
github	www.github.com/nextcloud/security-advisories/security/advisories/GHSA-ch7f-px7m-hg25
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-28833
github	www.github.com/nextcloud/server/pull/36095

10 Apr 2026 04:57Current

8.4High risk

Vulners AI Score8.4

CVSS 3.12.4

EPSS0.00537

nextcloud server logo upload vulnerability fix available admin file overwrite