Authenticated Remote Command Execution in Uvdesk Version 1.1.1 via Profile Picture Upload

CVE-2023-0265 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.
