CVE-2023-6723

EUVD-2023-58937
An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
INCIBECNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
europeanarepox
2.3.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox