Authorization

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege...

Command injection

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service...

CVE-2023-48376 SmartStar Software CWS Web-Base - Arbitrary File Upload

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service...

CVE-2023-48375

CVE-2023-48375 concerns SmartStar Software CWS, a web-based integration platform. The entry describes a broken access control issue: an authenticated user with normal privileges can obtain administrator privileges and perform arbitrary system operations or disrupt services. Affected component is ...