CVE-2023-48376
CRITICALSmartStar Software CWS - Unauthenticated Unrestricted Upload of File with Dangerous Type
Title source: llmDescription
SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.
References (1)
Core 1
Core References
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7595-d58b1-1.html
Scores
CVSS v3
9.8
EPSS
0.0096
EPSS Percentile
57.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
csharp/cws_collaborative_development_platform
10.25
Published
Dec 15, 2023
Tracked Since
Feb 18, 2026