CVE-2023-46694

HIGH Year: 2023
CVSS v3 Score
8.1
High
Weakness Type
CWE-434
View all →

Vulnerability Description

Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality.

Related Vulnerabilities

CVE-2012-2950

HIGH
CVSS:8.1(High)

Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information.

CWE-4342012

CVE-2017-12615

HIGH
CVSS:8.1(High)

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to th...

CWE-4342017

CVE-2017-12617

HIGH
CVSS:8.1(High)

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the De...

CWE-4342017

CVE-2017-3189

HIGH
CVSS:8.1(High)

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publ...

CWE-4342017

CVE-2018-12528

HIGH
CVSS:8.1(High)

An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router ...

CWE-4342018

CVE-2021-20104

HIGH
CVSS:8.1(High)

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.

CWE-4342021