5 matches found
CVE-2023-52252
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint...
Design/Logic Flaw
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint...
CVE-2023-52252
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint...
CVE-2023-52252
CVE-2023-52252 affects Unified Remote 3.13.0. The root cause is a wildcarded Access-Control-Allow-Origin header on the Remote upload endpoint, enabling remote attackers to execute arbitrary Lua code. The impact reported is remote code execution with high confidentiality/integrity/availability ris...
PT-2023-31943 · Unknown · Unified Remote
Name of the Vulnerable Software and Affected Versions: Unified Remote version 3.13.0 Description: The issue allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the "Remote upload endpoint". Recommendations: For Unified Remote version 3.13....