Vulnerability Details CVE-2023-6353
Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.9%
CVSS Severity
CVSS v3 Score 5.3
References
- https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md
- https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/
- https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems
- https://www.tylertech.com/solutions/courts-public-safety/courts-justice
- https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md
- https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/
- https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems
- https://www.tylertech.com/solutions/courts-public-safety/courts-justice
Products affected by CVE-2023-6353
-
cpe:2.3:a:tylertech:court_case_management_plus:-