{"api_version":"1","generated_at":"2026-04-15T22:31:47+00:00","cve":"CVE-2023-26578","urls":{"html":"https://cve.report/CVE-2023-26578","api":"https://cve.report/api/cve/CVE-2023-26578.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-26578","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-26578"},"summary":{"title":"CVE-2023-26578","description":"Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.","state":"PUBLIC","assigner":"vdp@themissinglink.com.au","published_at":"2023-10-25 18:17:00","updated_at":"2023-10-28 03:22:00"},"problem_types":["CWE-434"],"metrics":[],"references":[{"url":"https://www.themissinglink.com.au/security-advisories/cve-2023-26578","name":"https://www.themissinglink.com.au/security-advisories/cve-2023-26578","refsource":"MISC","tags":[],"title":"Arbitrary File Upload to Web Root In IDAttend’s IDWeb Application","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-26578","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26578","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"26578","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"idattend","cpe5":"idweb","cpe6":"3.1.013","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-26578","ASSIGNER":"vdp@themissinglink.com.au","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.  "}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweId":"CWE-22"}]},{"description":[{"lang":"eng","value":"CWE-434 Unrestricted Upload of File with Dangerous Type","cweId":"CWE-434"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"IDAttend Pty Ltd","product":{"product_data":[{"product_name":"IDWeb","version":{"version_data":[{"version_affected":"<=","version_name":"0","version_value":"3.1.052"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.themissinglink.com.au/security-advisories/cve-2023-26578","refsource":"MISC","name":"https://www.themissinglink.com.au/security-advisories/cve-2023-26578"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"EXTERNAL"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-10-25 18:17:00","lastModifiedDate":"2023-10-28 03:22:00","problem_types":["CWE-434"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:idattend:idweb:3.1.013:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}