CVE-2023-23607

CVSS V2 None CVSS V3 None
Description
erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.
Overview
  • CVE ID
  • CVE-2023-23607
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-20T21:15:11
  • Last Modified Date
  • 2023-02-03T14:46:36
Weakness Enumerations
CWE URL
CWE-434 http://cwe.mitre.org/data/definitions/434.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:dasherr_project:dasherr:*:*:*:*:*:*:*:* 1 OR 1.05.00
References
Reference URL Reference Tags
https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112
https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-23607
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23607
History
Created Old Value New Value Data Type Notes
2023-01-20 22:13:46 Added to TrackCVE
2023-01-20 22:13:47 Weakness Enumeration new
2023-01-23 15:14:29 2023-01-23T15:08:08 CVE Modified Date updated
2023-01-23 15:14:29 Received Awaiting Analysis Vulnerability Status updated
2023-01-31 17:14:25 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-02-03 15:14:23 2023-02-03T14:46:36 CVE Modified Date updated
2023-02-03 15:14:23 Undergoing Analysis Analyzed Vulnerability Status updated
2023-02-03 15:14:24 CPE Information updated