How severe is CVE-2023-22890?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2023-22890?

This is classified as CWE-434, which is a common weakness in software security.

CVE-2023-22890

HIGH Year: 2023

CVSS v3 Score

7.5

High

Weakness Type

CWE-434

View all →

Vulnerability Description

SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.

CVE-2015-9338

HIGH

CVSS:7.5(High)

The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.

CWE-4342015

CVE-2015-9339

HIGH

CVSS:7.5(High)

The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.

CWE-4342015

CVE-2015-9340

HIGH

CVSS:7.5(High)

The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.

CWE-4342015

CVE-2015-9341

HIGH

CVSS:7.5(High)

The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.

CWE-4342015

CVE-2016-10958

HIGH

CVSS:7.5(High)

The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.

CWE-4342016

CVE-2016-7452

HIGH

CVSS:7.5(High)

The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.

CWE-4342016

CVE-2023-22890

Vulnerability Description

Related Vulnerabilities

CVE-2015-9338

CVE-2015-9339

CVE-2015-9340

CVE-2015-9341

CVE-2016-10958

CVE-2016-7452