CVE-2023-52252
CVE-2023-52252
9.8
CriticalPublished:
Last updated:
Source:cve@mitre.org
Modified
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.
References
cve@mitre.org
https://www.exploit-db.com/exploits/51309af854a3a-2127-422b-91ae-364da2661108
https://harkenzo.tlstickle.com/2023-03-17-UR-Web-Triggerable-RCE/af854a3a-2127-422b-91ae-364da2661108
https://www.exploit-db.com/exploits/51309