CRITICAL🇬🇧 English

CVE-2023-32757

CVSS 9.8v3.1pub. 2023-08-25upd. 2024-11-21

e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Edetw U Office Force

    APP
    Edetw
    20.0.7668d
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-3422CRITICAL9.3PL ✓ten sam produkt

Insecure Deserialization w Edetw U-Office Force umożliwia zdalne RCE

CVE-2025-2395CRITICAL9.8PL ✓ten sam produkt

U-Office Force: Nieautoryzowane logowanie jako administrator przez manipulację cookies

CVE-2025-12865HIGH8.7ten sam produkt

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote atta...

CVE-2025-12864HIGH8.7ten sam produkt

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote atta...

CVE-2025-2396HIGH8.8ten sam produkt

The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers wit...

CVE-2023-32757 — CRITICAL 9.8 | CVEbaza.pl