CVE-2023-48375

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege...

CVE-2023-48376

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service...

CVE-2023-48374

SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...

Authorization

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege...

SmartStar Software CWS Code Issue Vulnerability

SmartStar Software CWS is a Web-based integration platform from China-based SmartStar Software. A code issue vulnerability exists in SmartStar Software CWS v10.25, which stems from the file upload feature not restricting the upload of dangerous types of files, which can be exploited by remote...

SmartStar Software CWS Security Vulnerability

SmartStar Software CWS is a Web-based integration platform from China-based SmartStar Software. A security vulnerability exists in SmartStar Software CWS version v10.25, which stems from a lack of authorization checking in the system, allowing users to access data or perform operations that they...