CVE-2023-37289
CRITICALInfodoc Document On-line Submission A... - Unrestricted File Upload
Title source: ruleDescription
It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. This issue affects Document On-line Submission and Approval System: 22547, 22567.
References (1)
Core 1
Core References
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7225-cef32-1.html
Scores
CVSS v3
9.8
EPSS
0.0050
EPSS Percentile
66.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-434
Status
published
Products (2)
infodoc/document_on-line_submission_and_approval_system
22547
infodoc/document_on-line_submission_and_approval_system
22567
Published
Jul 20, 2023
Tracked Since
Feb 18, 2026