PatchSiren

ArslanSoft CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH ArslanSoft CVE published 2023-12-01

CVE-2023-5637

CVE-2023-5637 is a high-severity file-upload flaw in Arslansoft Education Portal affecting versions before v1.1. According to the NVD record, the issue is network-exploitable without authentication and can disclose sensitive information, with no impact listed for integrity or availability.

CRITICAL ArslanSoft CVE published 2023-12-01

CVE-2023-5636

CVE-2023-5636 is a critical vulnerability in ArslanSoft Education Portal before v1.1 involving unrestricted upload of a dangerous file type. The published CVSS vector indicates remote, unauthenticated exploitation with low attack complexity and high impact to confidentiality, integrity, and availability. The official record and linked USOM advisory describe the issue as capable of leading to command injec [truncated]

HIGH ArslanSoft CVE published 2023-12-01

CVE-2023-5635

CVE-2023-5635 is a high-severity information disclosure issue in ArslanSoft Education Portal before v1.1. The public records describe improper protection for outbound error messages and alert signals, creating a path for account footprinting. NVD rates the issue CVSS 3.1 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), so the main concern is remote, unauthenticated exposure of sensitive account-related informat [truncated]