High severity8.8NVD Advisory· Published Jun 12, 2023· Updated Jun 17, 2026
CVE-2023-33253
CVE-2023-33253
Description
LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 6.0 - 6.15
Patches
Vulnerability mechanics
References
2- labcollector.comnvdProduct
- labcollector.com/changelog-labcollector/nvdRelease Notes
News mentions
0No linked articles in our index yet.