{"id":"CVE-2023-43838","details":"An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar.","modified":"2026-04-12T07:20:13.192690Z","published":"2023-10-04T16:15:10.277Z","references":[{"type":"WEB","url":"http://www.w3.org/2000/svg"},{"type":"WEB","url":"https://github.com/Volmarg"},{"type":"WEB","url":"https://github.com/rootd4ddy/"},{"type":"ADVISORY","url":"https://github.com/Volmarg/personal-management-system/blob/39d3c0df641a5435f2028b37a27d26ba61a3b97b/src/assets/scripts/core/ui/DataProcessor/SpecialAction.ts#L35"},{"type":"PACKAGE","url":"https://github.com/Volmarg/personal-management-system"},{"type":"EVIDENCE","url":"https://github.com/rootd4ddy/CVE-2023-43838"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/volmarg/personal-management-system","events":[{"introduced":"0"},{"last_affected":"8a501d88f358ae6882c58124dccf27252e3d1801"}],"database_specific":{"cpe":"cpe:2.3:a:personal-management-system:personal_management_system:1.4.64:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.4.64"}]}}],"versions":["1.19","1.31.1","Beta1.2","Beta1.3","Beta1.4","beta1.0","beta1.1","v1.0","v1.01","v1.1","v1.11","v1.12","v1.13","v1.14","v1.15","v1.17","v1.17.1","v1.17.2","v1.17.3","v1.17.4","v1.17.5","v1.17.6","v1.17.7","v1.18","v1.18.1","v1.18.2","v1.18.4","v1.18.5","v1.18.6","v1.18.7","v1.18.8","v1.18.9","v1.20","v1.20.1","v1.20.2","v1.20.3","v1.20.4","v1.20.5","v1.20.6","v1.20.7","v1.20.8","v1.20.8.1","v1.20.8.2","v1.20.8.3","v1.20.8.4","v1.20.8.5","v1.21","v1.23","v1.3","v1.31","v1.3a.1","v1.4","v1.4.01","v1.4.1","v1.4.2","v1.4.21","v1.4.22","v1.4.23","v1.4.25","v1.4.30","v1.4.31","v1.4.4","v1.4.41","v1.4.42","v1.4.43","v1.4.44","v1.4.45","v1.4.46","v1.4.50","v1.4.52","v1.4.6","v1.4.61","v1.4.62","v1.4.63","v1.4.64"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-43838.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}