CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-52252

Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.3%

CVSS Severity

CVSS v3 Score 9.8

References

https://harkenzo.tlstickle.com/2023-03-17-UR-Web-Triggerable-RCE/
https://www.exploit-db.com/exploits/51309
https://harkenzo.tlstickle.com/2023-03-17-UR-Web-Triggerable-RCE/
https://www.exploit-db.com/exploits/51309

Products affected by CVE-2023-52252

Unifiedremote » Unified Remote » Version: 3.13.0

cpe:2.3:a:unifiedremote:unified_remote:3.13.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-52252

Products

Pricing

Contact Us