CVE-2023-0455

Published: Jan 26, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta.

Affected (3)

Products: Bumsys Project: Bumsys

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Bumsys Project Bumsys	Version 1.0.0 beta
Bumsys Project Bumsys	Version 1.0.1
Bumsys Project Bumsys	Version 1.0.2 beta

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

http://packetstormsecurity.com/files/172674/Bumsys-Business-Management-System-1.0.3-beta-Shell-Upload.html

Source: security@huntr.dev

https://github.com/unilogies/bumsys/commit/a5beff7868ab63bf4ec752a1102f8da033c66b28

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/b5e9c578-1a33-4745-bf6b-e7cdb89793f7

Source: security@huntr.dev

ExploitPatchThird Party Advisory

http://packetstormsecurity.com/files/172674/Bumsys-Business-Management-System-1.0.3-beta-Shell-Upload.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/unilogies/bumsys/commit/a5beff7868ab63bf4ec752a1102f8da033c66b28

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/b5e9c578-1a33-4745-bf6b-e7cdb89793f7

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.