CVE-2023-37289 — CRITICAL (9.8)

Vulnerability Description

It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. This issue affects Document On-line Submission and Approval System: 22547, 22567.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Infodoc	Document On-Line Submission And Approval System	22547

Related Weaknesses (CWE)

CWE-434

References

https://www.twcert.org.tw/tw/cp-132-7225-cef32-1.htmlThird Party Advisory
https://www.twcert.org.tw/tw/cp-132-7225-cef32-1.htmlThird Party Advisory

FAQ

What is CVE-2023-37289?

CVE-2023-37289 is a vulnerability with a CVSS score of 9.8 (CRITICAL). It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthen...

How severe is CVE-2023-37289?

CVE-2023-37289 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-37289?

Check the references section above for vendor advisories and patch information. Affected products include: Infodoc Document On-Line Submission And Approval System.