From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability ID: CVE-2023-5524 2. Affected Products: - M-Files Web Companion before 23.10 - M-Files Web Companion before 23.8 LTS SR1 3. Description: In versions of M-Files Web Companion prior to 23.10 and LTS Service Release versions prior to 23.8 LTS SR1, specific file types may lead to remote code execution. 4. Affected Versions: - M-Files Web Companion before 23.10 - M-Files Web Companion before 23.8 LTS SR1 5. Additional Information: - User interaction is required to exploit the vulnerability. - Attackers must have access to the repository storing the malicious files. - The vulnerability has been fixed in versions 23.10 and 23.8 LTS SR1. - Web Companion in version 23.2 LTS is not affected. - Both M-Files Server and Web Companion must be updated to remediate the vulnerability. - Web Companion does not automatically update installed users. - If Web Companion is not installed, the vulnerability does not apply, even in M-Files releases before 23.10. 6. CVSS Score: - Base Score: 8.2 - Temporal Score: 7.1 7. CWE ID: CWE-434 Unrestricted Upload of File with Dangerous Type 8. CAPEC ID: CAPEC-253 Remote Code Inclusion 9. Internal ID: 168541 10. Release Date: 2023-10-20 11. Disclosure Status: Not publicly disclosed 12. Exploitation Status: Not exploited 13. Exploit Likelihood: Low - Responsible disclosure 14. Link: https://www.cve.org/CVERecord?id=CVE-2023-5524 15. History: Released on 2023-10-20 This information provides a detailed description of the vulnerability, affected products, remediation steps, and security ratings.