CVE-2023-32757
e-Excellence U-Office Force - Arbitrary File Upload
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.
La funciĆ³n de carga de archivos de e-Excellence U-Office Force no restringe la carga de archivos de tipo peligroso. Un atacante remoto no autenticado sin registro del servicio puede explotar esta vulnerabilidad para cargar archivos arbitrarios para ejecutar comandos arbitrarios o interrumpir el servicio.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-05-15 CVE Reserved
- 2023-08-25 CVE Published
- 2024-10-02 CVE Updated
- 2025-04-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
- CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.twcert.org.tw/tw/cp-132-7330-94442-1.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Edetw Search vendor "Edetw" | U-office Force Search vendor "Edetw" for product "U-office Force" | 20.0.7668d Search vendor "Edetw" for product "U-office Force" and version "20.0.7668d" | - |
Affected
| ||||||