CVE-2023-24108

Exploit

EPSS 0.14%
Veröffentlicht 22.02.2023 04:15:10
Zuletzt bearbeitet 13.03.2025 20:15:14
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zetacomponenets ≫ Mvctools Version2008-09-23

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.349

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

https://mirrors.neusoft.edu.cn/pypi/web/simple/request/

Broken Link

https://github.com/zetacomponents/MvcTools/

Product

https://github.com/zetacomponents/MvcTools/issues/12

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-24108

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-24108

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-24108

EUVD