CyberSec.Space Logo
Back to CVE Browser

CVE-2023-2712

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile10.74th
PublishedMay 20, 2023
Last ModifiedMay 22, 2026

Vulnerability Description

Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15.

Affected Platforms (CPE)

๐Ÿ“ฆ
Rental Module Project

Rental Module

< 23.05.15

References & Advisories

๐Ÿ”— https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0276
๐Ÿ”— https://www.usom.gov.tr/bildirim/tr-23-0276
๐Ÿ”— https://www.usom.gov.tr/bildirim/tr-23-0276

Related Vulnerabilities

CVE-2023-27139.8

Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-comme...

CVE-2012-43246.8

Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authent...

CVE-2021-257905.4

Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allow...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...