CVE-2023-52252
Severity: CRITICAL (CVSS 9.8)
WAF coverage: High
Published: 2023-12-30
CWE-611
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| unifiedremote | unified_remote | 3.13.0 |
References
- harkenzo.tlstickle.com (Exploit)
- www.exploit-db.com (Exploit, Third Party Advisory, VDB Entry)