CVE-2023-48031

Published: Nov 17, 2023Modified: Sep 29, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation.

Affected (1)

Products: Opensupports: Opensupports

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opensupports Opensupports	Version 4.11.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (5)

https://bugplorer.github.io/cve-opensupports/

Source: cve@mitre.org

Broken Link

https://nitipoom-jar.github.io/CVE-2023-48031/

Source: cve@mitre.org

Exploit

https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2023-48031

Source: cve@mitre.org

https://bugplorer.github.io/cve-opensupports/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://nitipoom-jar.github.io/CVE-2023-48031/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.