File Upload Vulnerability in Progress Sitefinity Products
CVE-2023-29375

9.8CRITICAL

Key Information:

Vendor
Progress
Status
Sitefinity
Vendor
CVE Published:
10 April 2023

Summary

A vulnerability has been identified in Progress Sitefinity versions prior to the listed updates, allowing for potentially harmful file uploads through the SharePoint connector. This could lead to unauthorized access or execution of malicious files, posing a significant risk to organizations using these versions. It is crucial for users to upgrade to the recommended releases to shield their systems from exploitation.

References

https://www.progress.com/sitefinity-cms
https://community.progress.com/s/article/Sitefinity-Secur...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-29375 : File Upload Vulnerability in Progress Sitefinity Products | SecurityVulnerability.io