CVE-2023-43838

Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Published: 04/10/2023 Updated: 06/10/2023

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows malicious users to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar.

Vulnerable Product	Search on Vulmon	Subscribe to Product
personal-management-system personal management system 1.4.64

Public disclosure for CVE-2023-31584.

CVE-2023-43838 An arbitrary file upload vulnerability in Personal Management System v1464 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar [Additional Information] 1) Create alertsvg with the following content: <svg version="11" baseProfile="full" xmlns="wwww3org/2000/s

CWE-434 http://www.w3.org/2000/svg https://github.com/Volmarg/personal-management-system/blob/39d3c0df641a5435f2028b37a27d26ba61a3b97b/src/assets/scripts/core/ui/DataProcessor/SpecialAction.ts#L35 https://github.com/Volmarg https://github.com/rootd4ddy/CVE-2023-43838 https://github.com/Volmarg/personal-management-system https://github.com/rootd4ddy/https://nvd.nist.gov https://github.com/rootd4ddy/CVE-2023-43838

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-43838

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect