CVE-2023-23607

Published: Jan 20, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.

Affected (1)

Products: Dasherr Project: Dasherr

Dasherr Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dasherr Project Dasherr	Before 1.05.00

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (5)

https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq

Source: security-advisories@github.com

ExploitThird Party Advisory

https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.vicarius.io/vsociety/posts/analyzing-arbitrary-file-upload-in-dasherr-cve-2023-23607-23608

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.