CVE-2023-6353
Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass
Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Tyler Technologies · Civil and Criminal Electronic FilingWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.mdhttps://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systemshttps://www.tylertech.com/solutions/courts-public-safety/courts-justice