CVE-2023-48031

Published: Nov 17, 2023

Modified: Sep 29, 2025

PUBLISHED

Description

OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugplorer.github.io/cve-opensupports/

https://nitipoom-jar.github.io/CVE-2023-48031/

https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2023-48031

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-48031

Description

Affected Products

References