2 matches found
CVE-2023-42335
The CVE-2023-42335 entry describes an Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and Fl3xx Crew 2.10.37. The issue allows a remote attacker to execute arbitrary code via the Add Attachment function in the New Expense component. The root cause is an unrestricted file upload p...
CVE-2023-42334
The CVE-2023-42334 issue affects Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37, due to an Indirect Object Reference (IDOR) in the user parameter that enables privilege escalation by remote attackers. Root cause is IDOR exposure; impacts include elevated privileges (no info on exploitation specifi...