CVE-2023-48376

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 15, 2023

Updated: Dec 20, 2023

CWE ID 434

Summary

CVE-2023-48376 is a vulnerability affecting SmartStar Software's CWS, a web-based integration platform. The file uploading function in this software fails to restrict the upload of dangerous file types, allowing an unauthenticated attacker to upload arbitrary files. Successful exploitation could result in the execution of arbitrary commands or disruption of services. This vulnerability poses a significant risk and requires immediate attention from users to apply relevant patches or updates.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tbiVkm
https://www.cve.org/CVERecord?id=CVE-2023-48376
https://nvd.nist.gov/vuln/detail/CVE-2023-48376

Back to Vulnerability Database

CVE-2023-48376

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations