CVE-2023-23607
- Source
- https://cve.org/CVERecord?id=CVE-2023-23607
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23607.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-23607
- Aliases
-
- GHSA-6rgc-2x44-7phq
- Published
- 2023-01-20T20:03:45.071Z
- Modified
- 2026-04-02T08:49:15.852653Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Unrestricted file upload leads to Remote Code Execution in erohtar/Dasherr
- Details
-
erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/23xxx/CVE-2023-23607.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-434" ] }- References
-
- https://www.vicarius.io/vsociety/posts/analyzing-arbitrary-file-upload-in-dasherr-cve-2023-23607-23608
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/23xxx/CVE-2023-23607.json
- https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq
- https://nvd.nist.gov/vuln/detail/CVE-2023-23607
- https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112