Vulnerability Description
LabCollector 6.0 through 6.15 allows remote code execution. An authenticated, low-privileged remote user can upload an executable PHP file and execute system commands. The vulnerability is in the message function and is due to insufficient validation of the uploaded file (for example, one named shell.jpg.php.shell), whose name carries a .php segment between other extensions.
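The weakness described above is a file-upload check that can be satisfied by a name carrying several extensions. The following PHP is an added example written for this page, not LabCollector's code, and the function names, the `$_FILES['attachment']` field and the storage directory are assumptions. It places a weak check of that kind beside a hardened one that accepts exactly one allowlisted extension, verifies the content type from the bytes, and stores the file under a server-chosen random name:

```php
<?php
// Added example (not LabCollector code): a weak upload-name check next to a hardened one.
// Assumptions: a $_FILES['attachment']-style array and a storage directory outside the web root.
declare(strict_types=1);

/**
 * Weak check of the kind that lets "shell.jpg.php.shell" through: it only asks
 * whether an allowed extension appears somewhere in the name.
 */
function weakIsAllowed(string $name): bool
{
    return (bool) preg_match('/\.(jpe?g|png|gif|pdf)/i', $name);
}

/**
 * Name check: the whole basename must be "<base>.<ext>" with exactly one dot,
 * a conservative character set, and an allowlisted extension.
 * Returns the lowercase extension, or null if the name is rejected.
 */
function singleAllowedExtension(string $name): ?string
{
    $allowed = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];
    $base = basename($name);                       // strip any path component
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})$/', $base, $m)) {
        return null;                               // multiple dots, odd characters, or no extension
    }
    $ext = strtolower($m[1]);
    return in_array($ext, $allowed, true) ? $ext : null;
}

/**
 * Hardened check: the name must pass singleAllowedExtension() and the MIME type
 * sniffed from the file bytes (never the client-supplied type) must match it.
 */
function hardenedIsAllowed(string $name, string $tmpPath): bool
{
    $mimeFor = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
        'pdf'  => 'application/pdf',
    ];
    $ext = singleAllowedExtension($name);
    if ($ext === null) {
        return false;
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    return $finfo->file($tmpPath) === $mimeFor[$ext];
}

/**
 * Store an accepted upload under a random, server-chosen name in a directory the
 * web server neither executes nor serves directly. Returns the stored name or null.
 */
function storeUpload(array $file, string $storageDir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    if (!hardenedIsAllowed($file['name'], $file['tmp_name'])) {
        return null;
    }
    $ext    = singleAllowedExtension($file['name']);
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = rtrim($storageDir, '/') . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0640);                            // no execute bit
    return $stored;
}

// Demonstration on constructed names only (no real upload is processed here).
$samples = ['report.jpg', 'shell.jpg.php.shell', 'notes.php', '../evil.png'];
foreach ($samples as $n) {
    printf("%-22s weak=%s hardened-name=%s\n",
        $n,
        weakIsAllowed($n) ? 'accept' : 'reject',
        singleAllowedExtension($n) !== null ? 'accept' : 'reject');
}

// Typical use inside a request handler:
// $name = storeUpload($_FILES['attachment'], '/var/app/uploads');  // outside the web root
```

The name check is deliberately stricter than "last extension is allowed": on Apache with `mod_mime`, a handler bound to `.php` can apply to any extension segment of a multi-extension filename, so a file ending in `.shell` may still be executed as PHP. Keeping uploads outside the document root and renaming them removes the attacker's control over both the path and the name the web server sees.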
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Agilebio | Labcollector | >= 6.0, <= 6.15 |
Related Weaknesses (CWE)
References
- https://github.com/Toxich4/CVE-2023-33253 (Exploit, Third Party Advisory)
- https://labcollector.com/ (Product)
- https://labcollector.com/changelog-labcollector/ (Release Notes)
FAQ
What is CVE-2023-33253?
CVE-2023-33253 is a vulnerability with a CVSS score of 8.8 (HIGH). LabCollector 6.0 through 6.15 allows remote code execution. An authenticated, low-privileged remote user can upload an executable PHP file and execute system commands. The vulnerability is in the message function and is due to insufficient validation of the uploaded file (for example, one named shell.jpg.php.shell).
How severe is CVE-2023-33253?
CVE-2023-33253 has been rated HIGH with a CVSS base score of 8.8/10.
Is there a patch for CVE-2023-33253?
Check the references section above for vendor advisories and patch information. Affected products include: Agilebio Labcollector.