Vulnerability Description
erohtar/Dasherr is a dashboard for self-hosted services. In affected versions, unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows any file to be uploaded to any location on the server. If an attacker uploads a PHP file, they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.
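The fix for this bug class is to take both the destination path and the file type out of the client's hands. The handler below is an added illustration, not Dasherr's code or its patch; the upload directory, the session key and the function name are assumptions:

```php
<?php
// Added illustration (not Dasherr's code): a file-save handler that refuses the
// two things the advisory describes, unauthenticated writes and client-chosen
// destination paths. UPLOAD_DIR and $_SESSION['user'] are assumed names.
declare(strict_types=1);

const UPLOAD_DIR  = __DIR__ . '/../uploads';   // fixed directory, not under /www/include
const ALLOWED_EXT = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'gif' => 'image/gif'];

function saveUpload(array $file, string $requestedName): string
{
    // 1. Only an authenticated session may write files at all (session_start() assumed).
    if (empty($_SESSION['user'])) {
        http_response_code(401);
        throw new RuntimeException('login required');
    }
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('no valid upload');
    }
    // 2. Drop any directory component so a name like "../../www/include/x.php"
    //    can never escape UPLOAD_DIR.
    $base = basename($requestedName);
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    // 3. Extension allowlist: .php, .phtml, .htaccess and the like are simply absent.
    if (!isset(ALLOWED_EXT[$ext])) {
        throw new RuntimeException('file type not allowed');
    }
    // 4. The content must match the claimed type, not just the name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_EXT[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // 5. Server-chosen file name: the client never controls the final path.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    // 6. Defence in depth: the resolved target must still lie inside UPLOAD_DIR.
    $realDir = realpath(UPLOAD_DIR);
    if ($realDir === false || strpos((string) realpath(dirname($dest)), $realDir) !== 0) {
        throw new RuntimeException('destination outside upload directory');
    }
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('save failed');
    }
    return basename($dest);
}

// Usage: $stored = saveUpload($_FILES['file'], $_POST['name'] ?? '');
```

Pair this with a web server rule that disables script execution for the upload directory, so that even a file that slips past the checks is served as static content rather than run.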
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dasherr Project | Dasherr | < 1.05.00 |
Related Weaknesses (CWE)
References
- https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c51 (Patch, Third Party Advisory)
- https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq (Exploit, Third Party Advisory)
- https://www.vicarius.io/vsociety/posts/analyzing-arbitrary-file-upload-in-dasher (Third Party Analysis)
FAQ
What is CVE-2023-23607?
CVE-2023-23607 is an unrestricted file upload vulnerability in erohtar/Dasherr, a dashboard for self-hosted services, with a CVSS score of 9.8 (CRITICAL). In affected versions the file /www/include/filesave.php lets any unauthenticated user upload any file to any location, so uploading a PHP file leads to arbitrary code execution on the server (see the full description above).
How severe is CVE-2023-23607?
CVE-2023-23607 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-23607?
Yes. The issue is fixed in Dasherr version 1.05.00, and there are no known workarounds, so upgrading is the only remediation. See the references section above for the patch commit and the vendor advisory. Affected products: Dasherr (Dasherr Project), versions before 1.05.00.