CVSS 3.1 Score 9.8 of 10 (high)


Published Nov 17, 2023
Updated: Nov 25, 2023
CWE ID 434


CVE-2023-48031 is a critical Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability affecting OpenSupports v4.11.0. By manipulating a file's magic bytes, an attacker can bypass security restrictions in the comment function and upload a .bat file that masquerades as an allowed type. This could allow the attacker to execute arbitrary code or establish a reverse shell, potentially gaining unauthorized control over the victim's station or performing unauthorized file writes. The base severity score is 9.8 out of 10, indicating a high level of risk, with high impacts on confidentiality, integrity, and availability. No remediation steps are provided in the available information.
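The weakness class described above, shown as an added Python example (not OpenSupports code and not a vendor fix): a check that trusts magic bytes alone beside one that requires the file name's extension and the content signature to both be allowlisted and to agree. The allowlist, function names and sample bytes are constructed for illustration.

```python
import os
import secrets

# Constructed allowlist: permitted extension -> signature its content must start with.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".pdf": b"%PDF-",
}

def magic_only_check(filename, data):
    """Weak pattern: accept anything whose first bytes look like an allowed type."""
    return any(data.startswith(sig) for sig in ALLOWED.values())

def validate_upload(filename, data):
    """Return (ok, stored_name_or_reason). Name and content must both pass and agree."""
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or "\x00" in base:
        return False, "path separator or NUL in file name"
    # Windows drops trailing dots/spaces, so "x.bat." would be saved as "x.bat".
    ext = os.path.splitext(base.rstrip(". "))[1].lower()
    sig = ALLOWED.get(ext)
    if sig is None:
        return False, "extension %r is not on the allowlist" % ext
    if not data.startswith(sig):
        return False, "content signature does not match %s" % ext
    # Never reuse the client's name: store under a random name with the vetted extension.
    return True, secrets.token_hex(16) + ext

# Constructed sample: PNG signature followed by inert batch-style text.
PNG_SIG = ALLOWED[".png"]
SPOOFED = PNG_SIG + b"REM constructed sample, not a real payload\r\n"

if __name__ == "__main__":
    for name in ("report.bat", "report.bat.", "shot.png"):
        print(name, magic_only_check(name, SPOOFED), validate_upload(name, SPOOFED))
```

The signature test only proves how a file starts, so the decision that matters is the extension the server stores the file under.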
