Description

SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted requests that cause the application to perform sensitive operations or execute arbitrary code on the host. The vendor released a fix in July 2023 to address the underlying flaw. VulnCheck has observed this vulnerability being targeted by the RondoDox botnet campaign.

INFO

Published Date :

2025-10-15T01:24:53.813Z

Last Modified :

2025-10-15T18:44:11.365Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2023-7305 vulnerability.

Vendors Products
Guangzhou Smart Software
  • Smartbi
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-7305.

URL Resource
https://avd.aliyun.com/detail?id=AVD-2023-1673292 cve-icon cve-icon
https://jeyiuwai.pages.dev/posts/1day-%E8%B7%9F%E8%B8%AAsmartbi-rmiservlet-%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/ cve-icon cve-icon
https://www.smartbi.com.cn/patchinfo cve-icon cve-icon
https://www.vulncheck.com/advisories/smartbi-rmiservlet-unrestricted-file-upload-rce cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability