CVE-2023-23607

Name: CVE-2023-23607
Creator: NVD / NIST
Published: 2023-01-20T21:15:11.167+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.61%

Last modified Jun 17, 2026

CVE-2023-23607 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. EPSS estimates a 1.61% chance of exploitation in the next 30 days.

Description

erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.61%

72.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-434

Affected Software

Vendor	Product	Versions
Dasherr Project	Dasherr	< 1.05.00

References

https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112Patch, Third Party Advisory
https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phqExploit, Third Party Advisory
https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112Patch, Third Party Advisory
https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phqExploit, Third Party Advisory
https://www.vicarius.io/vsociety/posts/analyzing-arbitrary-file-upload-in-dasherr-cve-2023-23607-23608

Timeline

Published: Jan 20, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-23607?

How severe is CVE-2023-23607?

CVE-2023-23607 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.61% probability of exploitation in the next 30 days.

How do I fix CVE-2023-23607?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-23607?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST