CVE-2023-43838
- Source
- https://cve.org/CVERecord?id=CVE-2023-43838
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-43838.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-43838
- Published
- 2023-10-04T16:15:10.277Z
- Modified
- 2025-11-15T06:52:28.838248Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar.
- References
-
- http://www.w3.org/2000/svg
- https://github.com/Volmarg
- https://github.com/rootd4ddy/
- https://github.com/Volmarg/personal-management-system/blob/39d3c0df641a5435f2028b37a27d26ba61a3b97b/src/assets/scripts/core/ui/DataProcessor/SpecialAction.ts#L35
- https://github.com/rootd4ddy/CVE-2023-43838
- https://github.com/Volmarg/personal-management-system
Affected packages
Git / github.com/volmarg/personal-management-system
Affected ranges
- Type
- GIT
- Repo
- https://github.com/volmarg/personal-management-system
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
1.*
1.19
1.31.1
Beta1.*
Beta1.2
Beta1.3
Beta1.4
beta1.*
beta1.0
beta1.1
v1.*
v1.0
v1.01
v1.02
v1.021
v1.1
v1.11
v1.12
v1.13
v1.14
v1.15
v1.16
v1.17
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.17.5
v1.17.6
v1.17.7
v1.18
v1.18.1
v1.18.2
v1.18.3
v1.18.4
v1.18.5
v1.18.6
v1.18.7
v1.18.8
v1.18.9
v1.20
v1.20.1
v1.20.2
v1.20.3
v1.20.4
v1.20.5
v1.20.6
v1.20.7
v1.20.8
v1.20.8.1
v1.20.8.2
v1.20.8.3
v1.20.8.4
v1.20.8.5
v1.21
v1.22
v1.23
v1.3
v1.31
v1.3a.1
v1.4
v1.4.01
v1.4.1
v1.4.2
v1.4.21
v1.4.22
v1.4.23
v1.4.24
v1.4.25
v1.4.30
v1.4.31
v1.4.4
v1.4.41
v1.4.42
v1.4.43
v1.4.44
v1.4.45
v1.4.46
v1.4.50
v1.4.51
v1.4.52
v1.4.6
v1.4.61
v1.4.62
v1.4.63
v1.4.64