QSearchQSearch

CVE-2023-3049

9.8 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: befor...

Published: 2023-06-13 · Last updated: 2024-11-21

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-434

Affected products

VendorProduct
tmtmakinelockcell_firmware

Description

Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: before 15.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2023-3050 Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse... (9.8 CRITICAL)
  • CVE-2023-3048 Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This is... (9.8 CRITICAL)
  • CVE-2023-3047 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.T... (9.8 CRITICAL)

Same CWE

  • CVE-2026-9067 The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload ... (9.1 CRITICAL)
  • CVE-2026-36722 An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute ... (5.4 MEDIUM)
  • CVE-2025-40808 A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85... (6.1 MEDIUM)
  • CVE-2026-34031 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer (6.5 MEDIUM)
  • CVE-2026-33582 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer (6.5 MEDIUM)