CVE-2023-42362
MEDIUMTeller 4.4.0 - Arbitrary File Upload and Remote Code Execution
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2023-42362. PoCs published by Mr-n0b3dy.
AI-analyzed exploit summary The repository describes an unrestricted file upload vulnerability in NCR Teller web app version 4.4.0, leading to stored XSS and potential account takeover (ATO). The writeup lacks exploit code but provides technical details about the vulnerability's impact and root cause.
Description
An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.
Exploits (1)
The repository describes an unrestricted file upload vulnerability in NCR Teller web app version 4.4.0, leading to stored XSS and potential account takeover (ATO). The writeup lacks exploit code but provides technical details about the vulnerability's impact and root cause.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N