CVE-2023-41009

2023-09-0520:15:07

Google

osv.dev

cve-2023-41009

remote code execution

crafted script

header authorization

software vulnerability

8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.6%

JSON

File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header.

CPENameOperatorVersion
bolo-soloeq1.1_stable
bolo-soloeq1.7_stable
bolo-soloeq1.6_stable
bolo-soloeq1.9_stable
bolo-soloeq2.1_stable
bolo-soloeq2.4_stable
bolo-soloeq2.3_stable
bolo-soloeq1.0_stable
bolo-soloeq1.8_stable
bolo-soloeq2.6_stable

Name	Operator	Version
bolo-solo	eq	1.1_stable
bolo-solo	eq	1.7_stable
bolo-solo	eq	1.6_stable
bolo-solo	eq	1.9_stable
bolo-solo	eq	2.1_stable
bolo-solo	eq	2.4_stable
bolo-solo	eq	2.3_stable
bolo-solo	eq	1.0_stable
bolo-solo	eq	1.8_stable
bolo-solo	eq	2.6_stable