CVE-2023-42335

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 20, 2023

Updated: Sep 22, 2023

CWE ID 434

Summary

CVE-2023-42335 is a critical vulnerability affecting Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37. An attacker can exploit this Unrestricted File Upload vulnerability to execute arbitrary code through the "add attachment" function in the "New Expense" component. With no file type restrictions in place, a malicious file can be uploaded and run on the affected system, potentially leading to serious compromises. This vulnerability poses a significant risk and requires immediate attention from users to apply the necessary patches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

FL3XX GmbH

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/snx--X
https://www.cve.org/CVERecord?id=CVE-2023-42335
https://nvd.nist.gov/vuln/detail/CVE-2023-42335

Back to Vulnerability Database

CVE-2023-42335

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations