CVE-2023-39147 – Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)

https://notcve.org/view.php?id=CVE-2023-39147

01 Aug 2023 — An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. Una vulnerabilidad de carga de archivos arbitrarios en Uvdesk 1.1.3 permite a los atacantes ejecutar código arbitrario mediante la carga de un archivo de imagen manipulado. Uvdesk version 1.1.3 suffers from a remote shell upload vulnerability. • https://packetstorm.news/files/id/173878 • CWE-434: Unrestricted Upload of File with Dangerous Type •