go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


e-Excellence U-Office Force - Arbitrary File Upload

TVN ID TVN-202308003
CVE ID CVE-2023-32757
CVSS 9.8 (Critical)
Affected Products U-Office Force: 20.0.7668D
Description e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.
Solution update version to 24.50SP1 or later
Credit Kun Xian Lin(DEVCORE)
Public Date 2023-09-19