Unrestricted File Upload Vulnerability in Gladinet CentreStack Administrative Interface
CVE-2023-26830

7.2HIGH

Key Information:

Vendor: Gladinet
Status: Centrestack
Vendor: CVE Published:; 31 March 2023

Summary

An unrestricted file upload vulnerability exists in the branding component of the administrative portal of Gladinet CentreStack versions prior to 13.5.9808. This vulnerability allows authenticated attackers to upload malicious files to the server, potentially leading to unauthorized execution of arbitrary code. This issue poses significant risks to server integrity and data security, highlighting the critical importance of implementing robust input validation mechanisms to prevent such attacks.

References

https://www.whiteoaksecurity.com/blog/centrestack-disclos...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2023
Vulnerability Reserved
Feb 27, 2023