CVE-2023-27397
CVSS V2 None
CVSS V3 None
Description
Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.
Overview
- CVE ID
- CVE-2023-27397
- Assigner
- vultures@jpcert.or.jp
- Vulnerability Status
- Received
- Published Version
- 2023-05-23T02:15:09
- Last Modified Date
- 2023-05-23T02:15:09
References
| Reference URL | Reference Tags |
|---|---|
| https://jvn.jp/en/jp/JVN31701509/ | |
| https://microengine.jp/information/security_2023_05.html |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-27397 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27397 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-05-23 03:00:57 | Added to TrackCVE |