CVE-2023-26578

Arbitrary File Upload to Web Root In IDAttend’s IDWeb Application

CVSS 8.8 HIGHEPSS 1.5%CWE-22 CWE-434

Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

IDAttend Pty Ltd · IDWeb

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.themissinglink.com.au/security-advisories/cve-2023-26578