CVE-2023-0265: Unrestricted Upload of File with Dangerous Type

April 5, 2023 (updated April 11, 2023)

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.

References

fluidattacks.com/advisories/supply/
github.com/advisories/GHSA-2hw6-4rv9-82fp
github.com/uvdesk/community-skeleton
nvd.nist.gov/vuln/detail/CVE-2023-0265

Detect and mitigate CVE-2023-0265 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →