CVE-2023-37635

CRITICAL

Uvdesk Community-skeleton - Brute Force

Title source: rule

Description

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.

Exploits (1)

nomisec WORKING POC
by oussama-binike · poc
https://github.com/oussama-binike/cve-2023-37635

References (1)

Scores

CVSS v3 9.8
EPSS 0.0823
EPSS Percentile 92.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-307
Status published
Products (1)
uvdesk/community-skeleton 1.1.1
Published Oct 23, 2023
Tracked Since Feb 18, 2026