CVE-2023-37635
CRITICAL
UVDesk Community Skeleton v1.1.1 - Unauthenticated Login Brute Force
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2023-37635. PoCs published by oussama-binike.
AI-analyzed exploit summary
This repository contains a brute-force exploit for CVE-2023-37635, targeting UVDesk by attempting to authenticate with a list of passwords. It checks for successful login by verifying a 302 redirect to the dashboard.
Description
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.
Exploits (1)
nomisec
WORKING POC
by oussama-binike · poc
https://github.com/oussama-binike/cve-2023-37635
Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
UVDesk (version not specified)
No auth needed
Prerequisites:
A list of passwords in 'My_passwords.txt' · Target URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://www.esecforte.com/cve-2023-37635-login-bruteforce/
Scores
CVSS v3
9.8
EPSS
0.0115
EPSS Percentile
62.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-307
Status
published
Products (1)
uvdesk/community-skeleton
1.1.1
Published
Oct 23, 2023
Tracked Since
Feb 18, 2026