A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. Exploitation requires authentication, but the vulnerability can be paired with another vulnerability in the platform (CVE-2023-39420, which grants access to hardcoded credentials) to carry out the attack without having been assigned credentials.
History

Thu, 26 Sep 2024 19:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2023-09-07T12:25:42.733Z

Updated: 2024-09-26T19:11:57.436Z

Reserved: 2023-08-01T15:26:26.149Z

Link: CVE-2023-39424

Vulnrichment

Updated: 2024-08-02T18:10:20.808Z

NVD

Status: Modified

Published: 2023-09-07T13:15:08.933

Modified: 2024-11-21T08:15:24.047

Link: CVE-2023-39424

Redhat

No data.