{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-26578","assignerOrgId":"07aac9b9-e3e9-4d03-a447-764bd31371d7","state":"PUBLISHED","assignerShortName":"TML","dateReserved":"2023-02-26T06:25:18.748Z","datePublished":"2023-10-25T09:43:54.725Z","dateUpdated":"2024-09-10T20:33:27.301Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"IDWeb","vendor":"IDAttend Pty Ltd","versions":[{"lessThanOrEqual":"3.1.052","status":"affected","version":"0","versionType":"major"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Arbitrary file upload to the web root in IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files, such as ASP or ASPX, to the web root, gaining command execution on the affected server.  "}],"value":"Arbitrary file upload to the web root in IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files, such as ASP or ASPX, to the web root, gaining command execution on the affected server.  
"}],"impacts":[{"capecId":"CAPEC-126","descriptions":[{"lang":"en","value":"CAPEC-126 Path Traversal"}]},{"capecId":"CAPEC-650","descriptions":[{"lang":"en","value":"CAPEC-650 Upload a Web Shell to a Web Server"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-434","description":"CWE-434 Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"07aac9b9-e3e9-4d03-a447-764bd31371d7","shortName":"TML","dateUpdated":"2023-10-26T06:43:42.336Z"},"references":[{"url":"https://www.themissinglink.com.au/security-advisories/cve-2023-26578"}],"source":{"discovery":"EXTERNAL"},"title":"Arbitrary File Upload to Web Root In IDAttend’s IDWeb Application","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T11:53:53.764Z"},"title":"CVE Program Container","references":[{"url":"https://www.themissinglink.com.au/security-advisories/cve-2023-26578","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-10T20:33:18.442870Z","id":"CVE-2023-26578","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP 
Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-10T20:33:27.301Z"}}]}}