CVE-2023-48376
CRITICALCsharp Cws Collaborative Development ... - Unrestricted File Upload
Title source: ruleDescription
SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.
References (1)
Core 1
Core References
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7595-d58b1-1.html
Scores
CVSS v3
9.8
EPSS
0.0051
EPSS Percentile
66.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
csharp/cws_collaborative_development_platform
10.25
Published
Dec 15, 2023
Tracked Since
Feb 18, 2026