Arbitrary File Upload Vulnerability in Uvdesk by Aurelien Lussan
CVE-2023-39147

7.8HIGH

Key Information:

Vendor: Webkul
Status: Uvdesk
Vendor: CVE Published:; 1 August 2023

Summary

An arbitrary file upload vulnerability in Uvdesk version 1.1.3 allows attackers to exploit the system by uploading a specially crafted image file. This security flaw can lead to unauthorized code execution, presenting a significant risk to users as it could allow malicious actors to compromise the integrity and availability of the affected environment. Proper measures must be taken to mitigate this risk and safeguard system resources.

References

https://docs.google.com/document/d/1uv9DjHmKuDxZIjNhWX05E...

http://packetstormsecurity.com/files/173878/Uvdesk-1.1.3-...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 1, 2023
Vulnerability Reserved
Jul 25, 2023