Vulnerability Description
OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensupports | Opensupports | 4.11.0 |
Related Weaknesses (CWE)
References
- https://bugplorer.github.io/cve-opensupports/Broken Link
- https://nitipoom-jar.github.io/CVE-2023-48031/Exploit
- https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2023-48031
- https://bugplorer.github.io/cve-opensupports/Broken Link
- https://nitipoom-jar.github.io/CVE-2023-48031/Exploit
FAQ
What is CVE-2023-48031?
CVE-2023-48031 is a vulnerability with a CVSS score of 9.8 (CRITICAL). OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the ...
How severe is CVE-2023-48031?
CVE-2023-48031 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-48031?
Check the references section above for vendor advisories and patch information. Affected products include: Opensupports Opensupports.