CVE-2023-0265

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-0265
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0265.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-0265
Aliases
Published
2023-04-04T22:15:07.217Z
Modified
2026-03-13T06:48:39.854316Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.

References

Affected packages

Git / github.com/uvdesk/community-skeleton

Affected ranges

Type
GIT
Repo
https://github.com/uvdesk/community-skeleton
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c10cd42184b54a5f76b0547236d36e4350141bca
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.1"
        }
    ]
}

Affected versions

v1.*
v1.1.0
v1.1.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0265.json"