CVE-2023-43838

An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
personal-management-systempersonal_management_system
1.4.64
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.w3.org/2000/svg
https://github.com/Volmarg
https://github.com/Volmarg/personal-management-system
https://github.com/Volmarg/personal-management-system/blob/39d3c0df641a5435f2028b37a27d26ba61a3b97b/src/assets/scripts/core/ui/DataProcessor/SpecialAction.ts#L35
https://github.com/rootd4ddy/
https://github.com/rootd4ddy/CVE-2023-43838
http://www.w3.org/2000/svg
https://github.com/Volmarg
https://github.com/Volmarg/personal-management-system
https://github.com/Volmarg/personal-management-system/blob/39d3c0df641a5435f2028b37a27d26ba61a3b97b/src/assets/scripts/core/ui/DataProcessor/SpecialAction.ts#L35
https://github.com/rootd4ddy/
https://github.com/rootd4ddy/CVE-2023-43838