How severe is CVE-2023-28643?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2023-28643?

This is classified as CWE-706, which is a common weakness in software security.

CVE-2023-28643 - HIGH Severity | CVSS 8.8

Vulnerability Description

Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name, while a memory cache is configured, the second share will replace the first one instead of being renamed to `{name} (2)`. It is recommended that the Nextcloud Server is upgraded to 25.0.3 or 24.0.9. Users unable to upgrade should avoid sharing 2 folders with the same name to the same user.

Related Vulnerabilities

CVE-2021-37214

HIGH

CVSS:8.8(High)

The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in sp...

CWE-7062021

CVE-2021-37144

CRITICAL

CVSS:9.1(Critical)

CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represent...

CWE-7062021

CVE-2021-37315

CRITICAL

CVSS:9.1(Critical)

Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the...

CWE-7062021

CVE-2024-27295

HIGH

CVSS:8.2(High)

Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim use...

CWE-7062024

CVE-2022-27778

HIGH

CVSS:8.1(High)

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

CWE-7062022

CVE-2019-7731

CRITICAL

CVSS:9.8(Critical)

MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's arch...

CWE-7062019