What is CVE-2023-32757?

CVE-2023-32757 is a critical-severity vulnerability in E-excellence U-office Force, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 9.8/10. Published 2023-08-25.

How severe is CVE-2023-32757?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Arbitrary file upload in E-excellence U-office Force

CVE-2023-32757

e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform a…

Vulnerability class: Unrestricted File Upload

EPSS: 0.006 (70.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

E-excellence U-office Force — versions 20.0.7668D

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

References

www.twcert.org.tw/tw/cp-132-7330-94442-1.html

Frequently asked questions

What is CVE-2023-32757?: CVE-2023-32757 is a critical-severity vulnerability in E-excellence U-office Force, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 9.8/10. Published 2023-08-25.
How severe is CVE-2023-32757?: Critical severity. CVSS v3 base score is 9.8 out of 10.