CVE-2023-43838

HIGH

Personal Management System <1.4.64 - RCE

Title source: llm

Description

An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar.

Exploits (1)

nomisec WORKING POC 1 stars

by rootd4ddy · poc

https://github.com/rootd4ddy/CVE-2023-43838

View Code ZIP pw:eip

References (6)

Core 6

Core References

Not Applicable

http://www.w3.org/2000/svg

Not Applicable

https://github.com/Volmarg

Product

https://github.com/Volmarg/personal-management-system

Vendor Advisory

https://github.com/Volmarg/personal-management-system/blob/39d3c0df641a5435f2028b37a27d26ba61a3b97b/src/assets/scripts/core/ui/DataProcessor/SpecialAction.ts#L35

Not Applicable

https://github.com/rootd4ddy/

Exploit, Third Party Advisory

https://github.com/rootd4ddy/CVE-2023-43838

Scores

CVSS v3 7.8

EPSS 0.0050

EPSS Percentile 65.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

personal-management-system/personal_management_system 1.4.64

Published Oct 04, 2023

Tracked Since Feb 18, 2026