Weaver E-Office unrestricted upload
CVE-2023-2523
What is CVE-2023-2523?
A vulnerability in Weaver E-Office 9.5 affects the mobile_upload_save functionality in the file App/Ajax/ajax.php. Manipulating the 'upload_quwan' argument results in unrestricted file upload. This can allow an attacker to upload malicious files to the server, potentially compromising the entire system. The issue has been publicly disclosed, and the vendor's lack of response raises concerns about its mitigation.

Affected Version(s)
E-Office 9.5
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
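Weaver E-Office File Upload Vulnerability (CVE-2023-2523)
Disclaimer: Do not use the techniques described in this article for illegal purposes; any such illegal conduct has nothing to do with the author of the article or this public account. Please comply with the Cybersecurity Law of the People's Republic of China.
0X01 Introduction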
References
EPSS Score
91% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 📰 First article discovered by CN-SEC
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
