Exploitation Summary
EIP tracks 1 public exploit for CVE-2023-43838. PoCs published by rootd4ddy.
AI-analyzed exploit summary: This repository provides a functional proof-of-concept for CVE-2023-43838, demonstrating an arbitrary file upload vulnerability in Personal Management System v1.4.64. The exploit involves uploading a crafted SVG file containing JavaScript, which executes when the avatar is viewed.
Description
An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar.
Exploits (1)
References (6)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H