Arbitrary file upload in Guangzhou Smart Software Co., Ltd. Smartbi

CVE-2023-7305

SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted requests that cause the application t…

Vulnerability class: Unrestricted File Upload

EPSS: 0.005 (38.1th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References