Published: 22/07/2023 Updated: 17/05/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dahuasecurity smart parking management

Check Point Reference: CPAI-2023-1440 Date Published: 10 Jan 2024 Severity: Critical ...

大华智慧园区综合管理平台publishing文件上传

大华智慧园区综合管理平台publishing文件上传 POC 安装依赖 pip install argparse requests rich 注意:使用的是python3的环境使用 python CVE-2023-3836py -h 文件内url格式运行结果

CVE-2023-3836 CVE-2023-3836 - Arbitrary File Upload / Upload Webshell

CWE-434 https://vuldb.com/?ctiid.235162 https://github.com/qiuhuihk/cve/blob/main/upload.md https://vuldb.com/?id.235162 https://nvd.nist.gov https://github.com/zh-byte/CVE-2023-3836 https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2023-1440.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-3836

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect