2 matches found
CVE-2023-37289
This CVE (CVE-2023-37289) affects InfoDoc Document On-line Submission and Approval System (versions 22547, 22567) and concerns an Unrestricted Upload of File with Dangerous Type in the file uploading function. The root cause is a permissive file upload mechanism that allows an unauthenticated rem...
CVE-2023-37290
InfoDoc Document On-line Submission and Approval System is affected by CVE-2023-37290 due to insufficient restrictions on HTML tags in its HTML-to-PDF conversion, enabling unauthenticated SSRF via resources loaded through tags like iframe. This could allow remote attackers to access arbitrary sys...