go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


InfoDoc Document On-line Submission and Approval System - Arbitrary File Upload

TVN ID TVN-202307007
CVE ID CVE-2023-37289
CVSS 9.8 (Critical)
Affected Products 電子公文系統: 22547、22567
Description InfoDoc Document On-line Submission and Approval System’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
Solution Contact InfoDoc support team
Credit Huding (DEVCORE)
Public Date 2023-09-19