CRITICAL🇵🇱 Wersja polska

CVE-2023-32757

CVSS 9.8v3.1pub. 2023-08-25upd. 2024-11-21

e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Edetw U Office Force

    APP
    Edetw
    20.0.7668d
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-3422CRITICAL9.3PL ✓ten sam produkt

Insecure Deserialization w Edetw U-Office Force umożliwia zdalne RCE

CVE-2025-2395CRITICAL9.8PL ✓ten sam produkt

U-Office Force: Nieautoryzowane logowanie jako administrator przez manipulację cookies

CVE-2025-12865HIGH8.7ten sam produkt

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote atta...

CVE-2025-12864HIGH8.7ten sam produkt

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote atta...

CVE-2025-2396HIGH8.8ten sam produkt

The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers wit...