CVE-2023-37602

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-37602

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-37602.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-37602

Aliases

GHSA-ghg2-3w9x-9599

Published

2023-07-20T00:00:00Z

Modified

2026-05-28T04:08:59.481278251Z

Summary

[none]

Details

An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.

Database specific

{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37602.json"
}

References

Affected packages

Git / github.com/alkacon/opencms-core

Affected ranges

Type

GIT

Repo

https://github.com/alkacon/opencms-core

Events

Introduced

Last affected

153eb31f34b50df0289473ec737962426d82e364

Database specific

{
    "cpe": "cpe:2.3:a:alkacon:opencms:15.0.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.0.0"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

Other

build_10_0_0

build_10_0_0_alpha_1

build_10_0_0_alpha_1u

build_10_0_0_alpha_2

build_10_0_0_beta

build_10_0_0_beta3

build_10_0_0_beta4

build_10_0_0_beta_2

build_10_5_0

build_10_5_0_1

build_10_5_0_2

build_10_5_0_3

build_10_5_0_beta

build_10_5_x_cmsdays

build_11_0_0_beta

build_11_0_0_beta_2

build_11_0_0_rc

build_12_0_0

build_13_0_0

build_14_0_0

build_15_0_0

build_4_7_10

build_4_7_11

build_4_7_12

build_4_7_13

build_4_7_14

build_4_7_6

build_4_7_8

build_4_7_9

build_5_0_0

build_5_0_0_beta_1

build_5_0_0_beta_2

build_5_0_0_rc_1

build_5_0_0_rc_2

build_5_1_0

build_5_1_1

build_5_1_10

build_5_1_11

build_5_1_12

build_5_1_3

build_5_1_4

build_5_1_5

build_5_1_6

build_5_1_7

build_5_1_8

build_5_1_9

build_5_3_1

build_5_3_3

build_5_3_4

build_5_3_5

build_5_3_6

build_5_5_1

build_5_5_2

build_5_5_3

build_5_5_4

build_5_7_1

build_5_7_2

build_5_7_3

build_5_9_1

build_5_9_2

build_6_0_0

build_6_0_1

build_6_0_2

build_6_0_3

build_6_0_4

build_6_0_5

build_6_1_13

build_6_2_0

build_6_2_1

build_6_2_2

build_6_2_3

build_7_0_0

build_7_0_1

build_7_0_2

build_7_0_4

build_7_3_0

build_7_5_0_beta_1

build_7_9_2

build_8_0_0

build_8_0_1

build_8_0_2

build_8_0_2_1

build_8_0_3

build_8_5_0

build_8_5_1

build_8_7_0

build_8_9_0

build_9_0_0

build_9_0_0_1

build_9_5_0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-37602.json"