Vulnerability Details CVE-2023-48394
Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.2%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-48394
-
cpe:2.3:a:kaifa:webitr_attendance_system:2.1.0.23