Arbitrary File Upload Vulnerability in tduck-platform by TDuck Cloud
CVE-2023-37733

6.1MEDIUM

Key Information:

Vendor: Tduckcloud
Status: Tduck-platform
Vendor: CVE Published:; 19 July 2023

What is CVE-2023-37733?

An arbitrary file upload vulnerability exists in tduck-platform v4.0, allowing attackers to upload specially crafted HTML files that could lead to the execution of arbitrary code. This could potentially compromise the integrity and confidentiality of the system and data. Attackers exploiting this vulnerability may gain unauthorized access and control, emphasizing the critical need for immediate remediation and update.

References

http://v40.com

https://github.com/TDuckCloud/tduck-platform

https://github.com/TDuckCloud/tduck-platform/issues/17

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2023
Vulnerability Reserved
Jul 10, 2023

Tduckcloud

What is CVE-2023-37733?

References

CVSS V3.1

Timeline