Authenticated Remote Command Execution in Uvdesk Version 1.1.1 via Profile Picture Upload
CVE-2023-0265 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.
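The kind of server-side validation an upload handler needs for profile pictures, as an added example that is not Uvdesk's code or its patch. It assumes PHP with the fileinfo and GD extensions; the function name, size limit and storage directory are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not Uvdesk code. Allowlist of accepted image types and the
// extension the server assigns to each; the client's file name is never used.
const ALLOWED_IMAGE_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
const MAX_BYTES = 2 * 1024 * 1024; // assumed size limit

/**
 * Validate an uploaded profile picture and store a re-encoded copy.
 * $tmpPath is the temporary upload path; $storageDir is an assumed directory
 * that the web server serves as static files only (no script execution).
 * Returns the generated file name.
 */
function storeProfilePicture(string $tmpPath, string $storageDir): string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('Rejected: size out of bounds');
    }

    // Decide the type from the file content, not from the client-supplied
    // file name or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('Rejected: not an allowed image type');
    }

    // The content must actually decode as an image.
    $data = file_get_contents($tmpPath);
    $image = $data === false ? false : @imagecreatefromstring($data);
    if ($image === false) {
        throw new RuntimeException('Rejected: not a decodable image');
    }

    // Server-chosen random name with an extension taken from the allowlist.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    $dest = rtrim($storageDir, '/') . '/' . $name;

    // Store re-encoded pixels rather than the uploaded bytes.
    $ok = $mime === 'image/png'
        ? imagepng($image, $dest)
        : imagejpeg($image, $dest, 90);
    if (!$ok) {
        throw new RuntimeException('Could not write image');
    }
    return $name;
}
```

The checks only hold if the storage directory is configured so the web server never executes files from it.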