Vulnerability Details : CVE-2023-33253
Potential exploit
LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.
Vulnerability category: Execute code
Products affected by CVE-2023-33253
- cpe:2.3:a:agilebio:labcollector:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-33253
- 0.92%: Probability of exploitation activity in the next 30 days
- ~83%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-33253
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2023-33253
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-33253
- https://github.com/Toxich4/CVE-2023-33253 (GitHub - Toxich4/CVE-2023-33253; Exploit; Third Party Advisory)
- https://labcollector.com/changelog-labcollector/ (Latest News About LabCollector | LabCollector LIMS; Release Notes)
- https://labcollector.com/ (All-in-One Lab Management & Notebook | LabCollector LIMS; Product)