Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-32225

9.8CRITICAL

Key Information:

Vendor: Sysaid
Status: Sysaid
Vendor: CVE Published:; 30 July 2023

Summary

A vulnerability in Sysaid allows authenticated users with administrative privileges to upload files without proper restrictions. This may enable attackers to introduce malicious files that can compromise the server or network, posing significant security risks. Proper security measures and file type validation are essential to mitigate potential exploitation of this vulnerability.

Affected Version(s)

Sysaid All versions < 23.2.14 b18

References

https://www.gov.il/en/Departments/faq/cve_advisories

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 30, 2023
Vulnerability Reserved
May 4, 2023

Credit

Niv Levy