CVE-2023-33253

Published: Jun 12, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.

Affected (1)

Products: Agilebio: Labcollector

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Agilebio Labcollector	From 6.0 to 6.15

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

https://github.com/Toxich4/CVE-2023-33253

Source: cve@mitre.org

ExploitThird Party Advisory

https://labcollector.com/

Source: cve@mitre.org

Product

https://labcollector.com/changelog-labcollector/

Source: cve@mitre.org

Release Notes

https://github.com/Toxich4/CVE-2023-33253

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://labcollector.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://labcollector.com/changelog-labcollector/

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.