Lucene search
GoogleOSV:GHSA-2HW6-4RV9-82FPHistoryApr 05, 2023 - 12:30 a.m.
Uvdesk remote code execution vulnerability
2023-04-0500:30:39
Google
osv.dev
5
uvdesk
remote code execution
authentication
server
profile pictures
validation
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
46.5%
Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.
Related
nvd
nvd
CVE-2023-0265
2023-04-04 22:15:07
prion
prion
Code injection
2023-04-04 22:15:00
veracode
veracode
Remote Code Execution (RCE)
2023-04-27 05:06:28
github
github
Uvdesk remote code execution vulnerability
2023-04-05 00:30:39
osv
osv
CVE-2023-0265
2023-04-04 22:15:07
cvelist
cvelist
CVE-2023-0265
2023-04-04 00:00:00
cve
cve
CVE-2023-0265
2023-04-04 22:15:07
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
46.5%
Related for OSV:GHSA-2HW6-4RV9-82FP