CVE-2023-42362

MEDIUM

Teller 4.4.0 - Arbitrary File Upload and Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-42362. PoCs published by Mr-n0b3dy.

AI-analyzed exploit summary The repository describes an unrestricted file upload vulnerability in NCR Teller web app version 4.4.0, leading to stored XSS and potential account takeover (ATO). The writeup lacks exploit code but provides technical details about the vulnerability's impact and root cause.

Description

An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.

Exploits (1)

nomisec WRITEUP
by Mr-n0b3dy · poc
https://github.com/Mr-n0b3dy/CVE-2023-42362

The repository describes an unrestricted file upload vulnerability in NCR Teller web app version 4.4.0, leading to stored XSS and potential account takeover (ATO). The writeup lacks exploit code but provides technical details about the vulnerability's impact and root cause.

Classification
Writeup 80%
Attack Type
Xss
Complexity
Moderate
Reliability
Theoretical
Target: NCR Teller web app 4.4.0
No auth needed
Prerequisites: Access to file upload functionality in the NCR Teller web app
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 5.4
EPSS 0.0057
EPSS Percentile 43.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
teller/teller 4.4.0
Published Sep 14, 2023
Tracked Since Feb 18, 2026