Vulnerability Details CVE-2023-6354
Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.3%
CVSS Severity
CVSS v3 Score 5.3
References
- https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md
- https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/
- https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems
- https://www.tylertech.com/solutions/courts-public-safety/courts-justice
- https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md
- https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/
- https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems
- https://www.tylertech.com/solutions/courts-public-safety/courts-justice
Products affected by CVE-2023-6354
-
cpe:2.3:a:tylertech:court_case_management_plus:-