9.8

CVE-2023-0960

Exploit

SeaCMS Picture Management config.ftp.php deserialization

A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221630 is the identifier assigned to this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SeacmsSeacms Version11.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.98% 0.575
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com 4.7 1.2 3.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com 5.8 6.4 6.4
AV:N/AC:L/Au:M/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://github.com/jidle123/Seacms-v11.6/issues/1
Third Party Advisory
https://note.youdao.com/ynoteshare/index.html?id=ef23876c8744c5c230f3874387c06b11
Exploit
https://vuldb.com/?ctiid.221630
Third Party Advisory
Permissions Required
https://vuldb.com/?id.221630
Third Party Advisory