Critical severity 9.8 · NVD Advisory · Published Nov 17, 2023 · Updated Jun 17, 2026
CVE-2023-48031
Description
OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation.
Affected products
- (no CPE)
- (no CPE), range: <=4.11.0
References (3)
News mentions (0): No linked articles in our index yet.