CVE-2023-0265

HIGH8.8EPSS 1.5%

Uvdesk remote code execution vulnerability

發布日:2023/4/5修改日:2026/2/3

描述

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.

受影響套件(1)

Packagist/uvdesk/community-skeletonfrom 0, <= 1.1.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-0265
PATCHhttps://github.com/uvdesk/community-skeleton
WEBhttps://fluidattacks.com/advisories/supply