Lucene search

PRIOn knowledge basePRION:CVE-2023-25261

HistoryMar 27, 2023 - 9:15 p.m.

Remote code execution

2023-03-2721:15:00

PRIOn knowledge base

www.prio-n.com

stimulsoft gmbh

remote code execution

stimulsoft designer

stimulsoft viewer

web

desktop

2023.1.4

2023.1.3

nvd

local file system

attacker

source code

report

variable

9.3 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report.

CPENameOperatorVersion
designereq2023.1.3
designereq2023.1.4
designereq2023.1
viewereq2023.1.3
viewereq2023.1.4

Name	Operator	Version
designer	eq	2023.1.3
designer	eq	2023.1.4
designer	eq	2023.1
viewer	eq	2023.1.3
viewer	eq	2023.1.4

References

stimulsoft.com

cloud-trustit.spp.at/s/Rskwb3jKXQQsJy2

cves.at/posts/cve-2023-25261/writeup/