CVE-2023-35985

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-73
View all →

Vulnerability Description

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled.

Related Vulnerabilities

CVE-2020-25161

HIGH
CVSS:8.8(High)

The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administ...

CWE-732020

CVE-2021-3626

HIGH
CVSS:8.8(High)

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege es...

CWE-732021

CVE-2022-2431

HIGH
CVSS:8.8(High)

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles...

CWE-732022

CVE-2022-31739

HIGH
CVSS:8.8(High)

When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %...

CWE-732022

CVE-2023-36634

HIGH
CVSS:8.8(High)

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions...

CWE-732023

CVE-2023-36764

HIGH
CVSS:8.8(High)

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CWE-732023