Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-94 | |
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: mitre
Published: 2023-06-29T00:00:00
Updated: 2024-11-26T18:24:18.451Z
Reserved: 2023-05-22T00:00:00
Link: CVE-2023-33466

Updated: 2024-08-02T15:47:05.805Z

Status : Modified
Published: 2023-06-29T15:15:09.483
Modified: 2024-11-26T19:15:20.670
Link: CVE-2023-33466

No data.