CVE-2023-0265

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-0265

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0265.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0265

Aliases

GHSA-2hw6-4rv9-82fp

Published

2023-04-04T22:15:07Z

Modified

2024-05-14T12:34:42.670944Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.

References

Affected packages

Git / github.com/uvdesk/community-skeleton

Affected ranges

Type: GIT
Repo: https://github.com/uvdesk/community-skeleton
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c10cd42184b54a5f76b0547236d36e4350141bca

Affected versions

v1.*

v1.1.0

v1.1.1