CVE-2023-23607

Published: Jan 20, 2023

Modified: Mar 10, 2025

PUBLISHED

CVSS v3.1

9.8

CRITICAL

Description

erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.

Vendor	Product	Versions
erohtar	Dasherr	affected `< 1.05.00`

Weaknesses (CWE)

CWE-434

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq

x_refsource_CONFIRM

https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-23607

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References