Arbitrary file upload in Guangzhou Smart Software Co., Ltd. Smartbi
CVE-2023-7305
SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted requests that cause the application t…
Vulnerability class: Unrestricted File Upload
EPSS: 0.005 (38.1th percentile)
Affected products
- Guangzhou Smart Software Co., Ltd. Smartbi — versions V8, V9, V10
Weakness classification (CWE)