CVE-2023-38874

Published: Sep 28, 2023

Modified: Aug 2, 2024

PUBLISHED

Description

A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/gugoan/economizzer

https://www.economizzer.org

https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38874

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-38874

Description

Affected Products

References