CVE-2023-3374
9.8 CRITICALIncomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0
Published: 2023-09-05 · Last updated: 2024-11-21
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-184
Affected products
| Vendor | Product |
|---|---|
| bookreen | bookreen |
Description
Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2023-3375 — Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection.This issue affects Bookreen... (7.2 HIGH)
Same CWE
- CVE-2026-53836 — OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to exec... (8.8 HIGH)
- CVE-2026-48557 — Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer() (8.8 HIGH)
- CVE-2026-44287 — FastGPT is an AI Agent building platform (6.3 MEDIUM)
- CVE-2026-44463 — Zed is a code editor (8.6 HIGH)
- CVE-2026-44462 — Zed is a code editor (6.4 MEDIUM)